Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-2370
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:58:02.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30494", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30494" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10577", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577" }, { "name": "ADV-2009-1535", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "name": "RHSA-2008:0862", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "name": "34013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34013" }, { "name": "ADV-2008-2823", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "name": "37460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37460" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "name": "31982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31982" }, { "name": "31681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31681" }, { "name": "32120", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "33999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33999" }, { "name": "31865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31865" }, { "name": "oval:org.mitre.oval:def:5876", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876" }, { "name": "4099", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4099" }, { "name": "FEDORA-2008-8130", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "name": "31639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31639" }, { "name": "SUSE-SR:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "name": "MDVSA-2008:188", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "name": "31379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31379" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "name": "ADV-2009-0320", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "RHSA-2008:0864", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "name": "tomcat-requestdispatcher-info-disclosure(44156)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "35393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35393" }, { "name": "57126", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57126" }, { "name": "32222", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32222" }, { "name": "36249", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36249" }, { "name": "31891", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31891" }, { "name": "33797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33797" }, { "name": "1020623", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020623" }, { "name": "FEDORA-2008-7977", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "name": "ADV-2008-2305", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "name": "FEDORA-2008-8113", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-5.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "name": "ADV-2008-2780", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "name": "31381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31381" }, { "name": "HPSBUX02401", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "name": "HPSBST02955", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "ADV-2009-2215", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "name": "APPLE-SA-2008-10-09", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3216" }, { "name": "ADV-2009-0503", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "SSRT090005", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "name": "32266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32266" }, { "name": "RHSA-2008:0648", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:09:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "30494", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30494" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10577", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577" }, { "name": "ADV-2009-1535", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "name": "RHSA-2008:0862", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "name": "34013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34013" }, { "name": "ADV-2008-2823", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "name": "37460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37460" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "name": "31982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31982" }, { "name": "31681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31681" }, { "name": "32120", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "33999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33999" }, { "name": "31865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31865" }, { "name": "oval:org.mitre.oval:def:5876", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876" }, { "name": "4099", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4099" }, { "name": "FEDORA-2008-8130", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "name": "31639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31639" }, { "name": "SUSE-SR:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "name": "MDVSA-2008:188", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "name": "31379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31379" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "name": "ADV-2009-0320", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "RHSA-2008:0864", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "name": "tomcat-requestdispatcher-info-disclosure(44156)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "35393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35393" }, { "name": "57126", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57126" }, { "name": "32222", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32222" }, { "name": "36249", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36249" }, { "name": "31891", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31891" }, { "name": "33797", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33797" }, { "name": "1020623", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020623" }, { "name": "FEDORA-2008-7977", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "name": "ADV-2008-2305", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "name": "FEDORA-2008-8113", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-5.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "name": "ADV-2008-2780", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "name": "31381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31381" }, { "name": "HPSBUX02401", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "name": "HPSBST02955", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "ADV-2009-2215", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "name": "APPLE-SA-2008-10-09", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3216" }, { "name": "ADV-2009-0503", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "SSRT090005", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "name": "32266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32266" }, { "name": "RHSA-2008:0648", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2370", "datePublished": "2008-08-04T01:00:00", "dateReserved": "2008-05-21T00:00:00", "dateUpdated": "2024-08-07T08:58:02.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2008-2370\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-08-04T01:41:00.000\",\"lastModified\":\"2024-11-21T00:46:43.897\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, cuando se utiliza RequestDispatcher, realiza una regularizaci\u00f3n de ruta antes de eliminar la cadena de consulta desde la URI, lo cual permite a atacantes remotos dirigir ataques de salto de directorio y leer archivos arbitrariamente mediante un .. (punto punto) en un parametro request.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E300013-0CE7-4313-A553-74A6A247B3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08D7414-8D0C-45D6-8E87-679DF0201D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60CFD9CA-1878-4C74-A9BD-5D581736E6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02860646-1D72-4D9A-AE2A-5868C8EDB3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE4B9B5-9C2E-47E1-9483-88A17264594F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE92A9B-4B8C-468E-9162-A56ED5313E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE21D455-5B38-4B07-8E25-4EE782501EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92F3744-C8F9-4E29-BF1A-25E03A32F2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084B3227-FE22-43E3-AE06-7BB257018690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D536FF4-7582-4351-ABE3-876E20F8E7FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB43F47F-5BF9-43A0-BF0E-451B4A8F7137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DDD82E-5D83-4581-B2F3-F12655BBF817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0F0C91-171E-421D-BE86-11567DEFC7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22D2621-D305-43CE-B00D-9A7563B061F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4245BA-B05C-49DE-B2E0-1E588209ED3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8633532B-9785-4259-8840-B08529E20DCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D9BD7E-FCC2-404B-A057-1A10997DAFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F935ED72-58F4-49C1-BD9F-5473E0B9D8CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA52901-2D16-4F7E-BF5E-780B42A55D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A79DA2C-35F3-47DE-909B-8D8D1AE111C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BF6952D-6308-4029-8B63-0BD9C648C60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94941F86-0BBF-4F30-8F13-FB895A11ED69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17522878-4266-432A-859D-C02096C8AC0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951FFCD7-EAC2-41E6-A53B-F90C540327E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1F2738-C7D6-4206-9227-43F464887FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98EEB6F2-A721-45CF-A856-0E01B043C317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02FDE602-A56A-477E-B704-41AF92EEBB9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A28B11A-3BC7-41BC-8970-EE075B029F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E98B82A-22E5-4E6C-90AE-56F5780EA147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34672E90-C220-436B-9143-480941227933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92883AFA-A02F-41A5-9977-ABEAC8AD2970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"989A78F8-EE92-465F-8A8D-ECF0B58AFE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFB09F3-32D1-479C-8C39-D7329D9A6623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56581E2-9ECD-426A-96D8-A9D958900AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717F6995-5AF0-484C-90C0-A82F25FD2E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0C01D5-773F-469C-9E69-170C2844AAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5CF79C-759B-4FF9-90EE-847264059E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"357651FD-392E-4775-BF20-37A23B3ABAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585B9476-6B86-4809-9B9E-26112114CB59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6145036D-4FCE-4EBE-A137-BDFA69BA54F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E437055A-0A81-413F-AB08-0E9D0DC9EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9276A093-9C98-4617-9941-2276995F5848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98575E2-E39A-4A8F-B5B5-BD280B8367BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5878E08E-2741-4798-94E9-BA8E07386B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F6BAB7-C099-4345-A632-7287AEA555B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3AAF031-D16B-4D51-9581-2D1376A5157B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51120689-F5C0-4DF1-91AA-314C40A46C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F67477AB-85F6-421C-9C0B-C8EFB1B200CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31379\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31381\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31639\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31865\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31891\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31982\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32120\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32266\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33999\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34013\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35393\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/36249\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/4099\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0648.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0862.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0864.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/495022/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/30494\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1020623\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2305\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2823\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0503\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1535\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2215\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0648.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0862.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0864.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/495022/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2008_0877
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft\u00ae .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0877", "url": "https://access.redhat.com/errata/RHSA-2008:0877" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json" } ], "title": "Red Hat Security Advisory: jbossweb security update", "tracking": { "current_release_date": "2024-11-22T02:13:38+00:00", "generator": { "date": "2024-11-22T02:13:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2008:0877", "initial_release_date": "2008-09-22T13:32:00+00:00", "revision_history": [ { "date": "2008-09-22T13:32:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-09-22T09:32:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:13:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "product": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "product": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "product": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "product": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" }, "product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-09-22T13:32:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0877" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-09-22T13:32:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0877" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2938", "discovery_date": "2008-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "456120" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat Unicode directory traversal vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2938" }, { "category": "external", "summary": "RHBZ#456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938" } ], "release_date": "2008-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-09-22T13:32:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0877" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat Unicode directory traversal vulnerability" } ] }
rhsa-2010_0602
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0602", "url": "https://access.redhat.com/errata/RHSA-2010:0602" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", "url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html" }, { "category": "external", "summary": "200732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732" }, { "category": "external", "summary": "237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "244658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658" }, { "category": "external", "summary": "244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "323571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571" }, { "category": "external", "summary": "333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "443928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928" }, { "category": "external", "summary": "451615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615" }, { "category": "external", "summary": "457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "458250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390" }, { "category": "external", "summary": "504555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "509125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125" }, { "category": "external", "summary": "515698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698" }, { "category": "external", "summary": "521619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619" }, { "category": "external", "summary": "522209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209" }, { "category": "external", "summary": "570171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171" }, { "category": "external", "summary": "596426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json" } ], "title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", "tracking": { "current_release_date": "2024-12-15T18:14:44+00:00", "generator": { "date": "2024-12-15T18:14:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2010:0602", "initial_release_date": "2010-08-04T21:30:00+00:00", "revision_history": [ { "date": "2010-08-04T21:30:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-08-05T10:04:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-15T18:14:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4AS", "product": { "name": "Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4ES", "product": { "name": "Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "product": { "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "product": { "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "product": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "ant-0:1.6.5-1jpp_1rh.noarch", "product": { "name": "ant-0:1.6.5-1jpp_1rh.noarch", "product_id": "ant-0:1.6.5-1jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "product": { "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch" } } }, { "category": "product_version", "name": "axis-0:1.2.1-1jpp_3rh.noarch", "product": { "name": "axis-0:1.2.1-1jpp_3rh.noarch", "product_id": "axis-0:1.2.1-1jpp_3rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch" } } }, { "category": "product_version", "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "product": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch" } } }, { "category": "product_version", "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "product": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch" } } }, { "category": "product_version", "name": "log4j-0:1.2.12-1jpp_1rh.noarch", "product": { "name": "log4j-0:1.2.12-1jpp_1rh.noarch", "product_id": "log4j-0:1.2.12-1jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "mx4j-1:3.0.1-1jpp_4rh.noarch", "product": { "name": "mx4j-1:3.0.1-1jpp_4rh.noarch", "product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "product": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-manage-0:7.3.0-19.el4.noarch", "product": { "name": "rhpki-manage-0:7.3.0-19.el4.noarch", "product_id": "rhpki-manage-0:7.3.0-19.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.3.0-20.el4.noarch", "product": { "name": "rhpki-ca-0:7.3.0-20.el4.noarch", "product_id": "rhpki-ca-0:7.3.0-20.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-kra-0:7.3.0-14.el4.noarch", "product": { "name": "rhpki-kra-0:7.3.0-14.el4.noarch", "product_id": "rhpki-kra-0:7.3.0-14.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-tks-0:7.3.0-13.el4.noarch", "product_id": "rhpki-tks-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "product": { "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "xml-commons-0:1.3.02-2jpp_1rh.src", "product": { "name": "xml-commons-0:1.3.02-2jpp_1rh.src", "product_id": "xml-commons-0:1.3.02-2jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-1jpp_1rh.src", "product": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.src", "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "ant-0:1.6.5-1jpp_1rh.src", "product": { "name": "ant-0:1.6.5-1jpp_1rh.src", "product_id": "ant-0:1.6.5-1jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "avalon-logkit-0:1.2-2jpp_4rh.src", "product": { "name": "avalon-logkit-0:1.2-2jpp_4rh.src", "product_id": "avalon-logkit-0:1.2-2jpp_4rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src" } } }, { "category": "product_version", "name": "axis-0:1.2.1-1jpp_3rh.src", "product": { "name": "axis-0:1.2.1-1jpp_3rh.src", "product_id": "axis-0:1.2.1-1jpp_3rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src" } } }, { "category": "product_version", "name": "classpathx-jaf-0:1.0-2jpp_6rh.src", "product": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.src", "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src" } } }, { "category": "product_version", "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "product": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src" } } }, { "category": "product_version", "name": "log4j-0:1.2.12-1jpp_1rh.src", "product": { "name": "log4j-0:1.2.12-1jpp_1rh.src", "product_id": "log4j-0:1.2.12-1jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "mx4j-1:3.0.1-1jpp_4rh.src", "product": { "name": "mx4j-1:3.0.1-1jpp_4rh.src", "product_id": "mx4j-1:3.0.1-1jpp_4rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "product": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src" } } }, { "category": "product_version", "name": "pcsc-lite-0:1.3.3-3.el4.src", "product": { "name": "pcsc-lite-0:1.3.3-3.el4.src", "product_id": "pcsc-lite-0:1.3.3-3.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src" } } }, { "category": "product_version", "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "product": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "product": { "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-native-tools-0:7.3.0-6.el4.i386", "product": { "name": "rhpki-native-tools-0:7.3.0-6.el4.i386", "product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch" }, "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch" }, "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch" }, "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch" }, "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2005-2090", "discovery_date": "2005-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237079" } ], "notes": [ { "category": "description", "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat multiple content-length header poisioning", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2090" }, { "category": "external", "summary": "RHBZ#237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090" } ], "release_date": "2005-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat multiple content-length header poisioning" }, { "cve": "CVE-2005-3510", "discovery_date": "2005-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237085" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3510" }, { "category": "external", "summary": "RHBZ#237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510" } ], "release_date": "2005-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat DoS" }, { "cve": "CVE-2006-3835", "discovery_date": "2006-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237084" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory listing issue", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3835" }, { "category": "external", "summary": "RHBZ#237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835" } ], "release_date": "2006-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat directory listing issue" }, { "cve": "CVE-2006-3918", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2006-07-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "200732" } ], "notes": [ { "category": "description", "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Expect header XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3918" }, { "category": "external", "summary": "RHBZ#200732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918" } ], "release_date": "2006-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Expect header XSS" }, { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2007-0450", "discovery_date": "2007-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237080" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory traversal", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0450" }, { "category": "external", "summary": "RHBZ#237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450" } ], "release_date": "2007-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat directory traversal" }, { "cve": "CVE-2007-1349", "discovery_date": "2007-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "240423" } ], "notes": [ { "category": "description", "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_perl PerlRun denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1349" }, { "category": "external", "summary": "RHBZ#240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349" } ], "release_date": "2007-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_perl PerlRun denial of service" }, { "cve": "CVE-2007-1358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244803" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat accept-language xss flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1358" }, { "category": "external", "summary": "RHBZ#244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" } ], "release_date": "2007-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat accept-language xss flaw" }, { "cve": "CVE-2007-1863", "discovery_date": "2007-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244658" } ], "notes": [ { "category": "description", "text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_cache segfault", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1863" }, { "category": "external", "summary": "RHBZ#244658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863" } ], "release_date": "2007-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_cache segfault" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" }, { "cve": "CVE-2007-3382", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247972" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookies", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3382" }, { "category": "external", "summary": "RHBZ#247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookies" }, { "cve": "CVE-2007-3385", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247976" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookie values", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3385" }, { "category": "external", "summary": "RHBZ#247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookie values" }, { "cve": "CVE-2007-3847", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2007-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250731" } ], "notes": [ { "category": "description", "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: out of bounds read", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3847" }, { "category": "external", "summary": "RHBZ#250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847" } ], "release_date": "2007-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: out of bounds read" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "acknowledgments": [ { "names": [ "Tavis Ormandy", "Will Drewry" ] } ], "cve": "CVE-2007-5116", "discovery_date": "2007-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "323571" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl regular expression UTF parsing errors", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5116" }, { "category": "external", "summary": "RHBZ#323571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116" } ], "release_date": "2007-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "perl regular expression UTF parsing errors" }, { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2007-5461", "discovery_date": "2007-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "333791" } ], "notes": [ { "category": "description", "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "Absolute path traversal Apache Tomcat WEBDAV", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5461" }, { "category": "external", "summary": "RHBZ#333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" } ], "release_date": "2007-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Absolute path traversal Apache Tomcat WEBDAV" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0005", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427739" } ], "notes": [ { "category": "description", "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy_ftp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0005" }, { "category": "external", "summary": "RHBZ#427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_proxy_ftp XSS" }, { "cve": "CVE-2008-0128", "discovery_date": "2008-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429821" } ], "notes": [ { "category": "description", "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat5 SSO cookie login information disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0128" }, { "category": "external", "summary": "RHBZ#429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128" } ], "release_date": "2006-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat5 SSO cookie login information disclosure" }, { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-1927", "discovery_date": "2008-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "443928" } ], "notes": [ { "category": "description", "text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl: heap corruption by regular expressions with utf8 characters", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1927" }, { "category": "external", "summary": "RHBZ#443928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927" } ], "release_date": "2007-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "perl: heap corruption by regular expressions with utf8 characters" }, { "cve": "CVE-2008-2364", "discovery_date": "2008-05-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451615" } ], "notes": [ { "category": "description", "text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2364" }, { "category": "external", "summary": "RHBZ#451615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364" } ], "release_date": "2008-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2939", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "458250" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ftp globbing XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2939" }, { "category": "external", "summary": "RHBZ#458250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939" } ], "release_date": "2008-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy_ftp globbing XSS" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0023", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503928" } ], "notes": [ { "category": "description", "text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util heap buffer underwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0023" }, { "category": "external", "summary": "RHBZ#503928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util heap buffer underwrite" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-1891", "discovery_date": "2009-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "509125" } ], "notes": [ { "category": "description", "text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1891" }, { "category": "external", "summary": "RHBZ#509125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891" } ], "release_date": "2009-06-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate" }, { "cve": "CVE-2009-1955", "discovery_date": "2009-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504555" } ], "notes": [ { "category": "description", "text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util billion laughs attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1955" }, { "category": "external", "summary": "RHBZ#504555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955" } ], "release_date": "2009-06-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util billion laughs attack" }, { "cve": "CVE-2009-1956", "discovery_date": "2009-06-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504390" } ], "notes": [ { "category": "description", "text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util single NULL byte buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1956" }, { "category": "external", "summary": "RHBZ#504390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956" } ], "release_date": "2009-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util single NULL byte buffer overflow" }, { "cve": "CVE-2009-2412", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2009-07-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "515698" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2412" }, { "category": "external", "summary": "RHBZ#515698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412" } ], "release_date": "2009-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management" }, { "cve": "CVE-2009-3094", "discovery_date": "2009-09-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "521619" } ], "notes": [ { "category": "description", "text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3094" }, { "category": "external", "summary": "RHBZ#521619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094" } ], "release_date": "2009-09-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply" }, { "cve": "CVE-2009-3095", "discovery_date": "2009-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "522209" } ], "notes": [ { "category": "description", "text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3095" }, { "category": "external", "summary": "RHBZ#522209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095" } ], "release_date": "2009-09-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header" }, { "cve": "CVE-2009-4901", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2010-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "596426" } ], "notes": [ { "category": "description", "text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4901" }, { "category": "external", "summary": "RHBZ#596426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901" } ], "release_date": "2010-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages" }, { "cve": "CVE-2010-0407", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2010-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "596426" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0407" }, { "category": "external", "summary": "RHBZ#596426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407" } ], "release_date": "2010-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages" }, { "cve": "CVE-2010-0434", "discovery_date": "2010-03-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "570171" } ], "notes": [ { "category": "description", "text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: request header information leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0434" }, { "category": "external", "summary": "RHBZ#570171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434" } ], "release_date": "2009-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: request header information leak" } ] }
rhsa-2008_0648
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0648", "url": "https://access.redhat.com/errata/RHSA-2008:0648" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json" } ], "title": "Red Hat Security Advisory: tomcat security update", "tracking": { "current_release_date": "2024-11-22T02:13:57+00:00", "generator": { "date": "2024-11-22T02:13:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2008:0648", "initial_release_date": "2008-08-27T17:13:00+00:00", "revision_history": [ { "date": "2008-08-27T17:13:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-08-27T13:13:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:13:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-27T17:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0648" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-1947", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "446393" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", "title": "Vulnerability description" }, { "category": "summary", "text": "Tomcat host manager xss - name field", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1947" }, { "category": "external", "summary": "RHBZ#446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947" } ], "release_date": "2008-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-27T17:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0648" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Tomcat host manager xss - name field" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-27T17:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0648" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2938", "discovery_date": "2008-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "456120" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat Unicode directory traversal vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2938" }, { "category": "external", "summary": "RHBZ#456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938" } ], "release_date": "2008-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-27T17:13:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0648" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat Unicode directory traversal vulnerability" } ] }
rhsa-2008_1007
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:1007", "url": "https://access.redhat.com/errata/RHSA-2008:1007" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "466875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json" } ], "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server", "tracking": { "current_release_date": "2024-11-22T02:13:43+00:00", "generator": { "date": "2024-11-22T02:13:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2008:1007", "initial_release_date": "2008-12-08T09:02:00+00:00", "revision_history": [ { "date": "2008-12-08T09:02:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-12-08T04:02:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:13:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.1::el4" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.0:el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch", "product": { "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch", "product_id": "tomcat5-0:5.0.30-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-12-08T09:02:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:1007" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-1947", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "446393" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", "title": "Vulnerability description" }, { "category": "summary", "text": "Tomcat host manager xss - name field", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1947" }, { "category": "external", "summary": "RHBZ#446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947" } ], "release_date": "2008-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-12-08T09:02:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:1007" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Tomcat host manager xss - name field" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-12-08T09:02:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:1007" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2938", "discovery_date": "2008-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "456120" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat Unicode directory traversal vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2938" }, { "category": "external", "summary": "RHBZ#456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938" } ], "release_date": "2008-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-12-08T09:02:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:1007" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat Unicode directory traversal vulnerability" }, { "cve": "CVE-2008-3271", "discovery_date": "2008-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "466875" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RemoteFilterValve Information disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3271" }, { "category": "external", "summary": "RHBZ#466875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3271", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3271" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271" } ], "release_date": "2008-10-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-12-08T09:02:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:1007" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat RemoteFilterValve Information disclosure" } ] }
rhsa-2008_0864
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0864", "url": "https://access.redhat.com/errata/RHSA-2008:0864" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json" } ], "title": "Red Hat Security Advisory: tomcat security update", "tracking": { "current_release_date": "2024-11-22T02:13:34+00:00", "generator": { "date": "2024-11-22T02:13:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2008:0864", "initial_release_date": "2008-10-02T14:02:00+00:00", "revision_history": [ { "date": "2008-10-02T14:02:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-10-02T10:02:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:13:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Developer Suite v.3 (AS v.4)", "product": { "name": "Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_developer_suite:3" } } } ], "category": "product_family", "name": "Red Hat Developer Suite v.3" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_12rh.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_12rh.src", "product_id": "tomcat5-0:5.5.23-0jpp_12rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_12rh.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_12rh.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_12rh.src", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", "relates_to_product_reference": "4AS-DS3" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:02:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0864" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-1947", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "446393" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", "title": "Vulnerability description" }, { "category": "summary", "text": "Tomcat host manager xss - name field", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1947" }, { "category": "external", "summary": "RHBZ#446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947" } ], "release_date": "2008-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:02:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0864" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Tomcat host manager xss - name field" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:02:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0864" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2938", "discovery_date": "2008-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "456120" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat Unicode directory traversal vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2938" }, { "category": "external", "summary": "RHBZ#456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938" } ], "release_date": "2008-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:02:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0864" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat Unicode directory traversal vulnerability" } ] }
rhsa-2008_0862
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0862", "url": "https://access.redhat.com/errata/RHSA-2008:0862" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "427216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216" }, { "category": "external", "summary": "446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json" } ], "title": "Red Hat Security Advisory: tomcat security update", "tracking": { "current_release_date": "2024-11-22T02:13:30+00:00", "generator": { "date": "2024-11-22T02:13:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2008:0862", "initial_release_date": "2008-10-02T14:03:00+00:00", "revision_history": [ { "date": "2008-10-02T14:03:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-10-02T10:03:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:13:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Server v2 4AS", "product": { "name": "Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } }, { "category": "product_name", "name": "Red Hat Application Server v2 4ES", "product": { "name": "Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } }, { "category": "product_name", "name": "Red Hat Application Server v2 4WS", "product": { "name": "Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } } ], "category": "product_family", "name": "Red Hat Application Server" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "relates_to_product_reference": "4WS-RHAPS2" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-5342", "discovery_date": "2007-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427216" } ], "notes": [ { "category": "description", "text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.", "title": "Vulnerability description" }, { "category": "summary", "text": "Apache Tomcat\u0027s default security policy is too open", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5342" }, { "category": "external", "summary": "RHBZ#427216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342" } ], "release_date": "2007-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0862" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Apache Tomcat\u0027s default security policy is too open" }, { "cve": "CVE-2007-5461", "discovery_date": "2007-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "333791" } ], "notes": [ { "category": "description", "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "Absolute path traversal Apache Tomcat WEBDAV", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5461" }, { "category": "external", "summary": "RHBZ#333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" } ], "release_date": "2007-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0862" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Absolute path traversal Apache Tomcat WEBDAV" }, { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0862" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-1947", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "446393" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", "title": "Vulnerability description" }, { "category": "summary", "text": "Tomcat host manager xss - name field", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1947" }, { "category": "external", "summary": "RHBZ#446393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947" } ], "release_date": "2008-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0862" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Tomcat host manager xss - name field" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0862" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2938", "discovery_date": "2008-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "456120" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat Unicode directory traversal vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2938" }, { "category": "external", "summary": "RHBZ#456120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938" } ], "release_date": "2008-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-10-02T14:03:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0862" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat Unicode directory traversal vulnerability" } ] }
var-200808-0011
Vulnerability from variot
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. The following versions are affected: Tomcat 4.1.0 through 4.1.37 Tomcat 5.5.0 through 5.5.26 Tomcat 6.0.0 through 6.0.16 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2370: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected
Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.
Mitigation: 6.0.x users should upgrade to 6.0.18 5.5.x users should obtain the latest source from svn or apply this patch which will be included from 5.5.27 http://svn.apache.org/viewvc?rev=680949&view=rev 4.1.x users should obtain the latest source from svn or apply this patch which will be included from 4.1.38 http://svn.apache.org/viewvc?rev=680950&view=rev
Example: For a page that contains: <% pageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah")); %> an attacker can use: http://host/page.jsp?blah=/../WEB-INF/web.xml
Credit: This issue was discovered by Stefano Di Paola of Minded Security Research Labs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052
- Summary
Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.
- Relevant releases
vCenter Server 4.0 before Update 1
ESXi 4.0 without patch ESXi400-200911201-UG
ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG
vMA 4.0 before patch 02
- Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.0 Windows Update 1
VirtualCenter 2.5 Windows affected, patch pending
VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
Server 2.0 any affected, patch pending
Server 1.0 any not affected
ACE any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2 *
-
vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history.
b. Update Apache Tomcat version to 6.0.20
Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
ACE any Windows not affected
Server 2.x any affected, patch pending Server 1.x any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
The currently installed version of Tomcat depends on
your patch deployment history.
c. Third party library update for ntp.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.
The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-200911201-UG
ESXi 3.5 ESXi affected, patch pending
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
The Service Console present in ESX is affected by the following security issues.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.
The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911238-SG
ESX 3.5 ESX affected, patch pending **
ESX 3.0.3 ESX affected, patch pending **
ESX 2.5.5 ESX affected, patch pending **
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.
e. Updated Service Console package kernel
Updated Service Console package kernel addresses the security
issues below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0778 to the security issues fixed in kernel
2.6.18-128.1.6.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
kernel 2.6.18-128.1.10.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
kernel 2.6.18-128.1.14.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
security issues fixed in kernel 2.6.18-128.4.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2692, CVE-2009-2698 to the
security issues fixed in kernel 2.6.18-128.7.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
fixed in kernel 2.6.18-164.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911201-UG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 Patch 2 **
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** vMA is updated to kernel version 2.6.18-164.
f. Updated Service Console package python
Service Console package Python update to version 2.4.3-24.el5.
When the assert() system call was disabled, an input sanitization
flaw was revealed in the Python string object implementation that
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
process untrusted images, it could cause the application to
disclose sensitive information, crash or, potentially, execute
arbitrary code with the Python interpreter's privileges.
Multiple integer underflow and overflow flaws were found in the
Python snprintf() wrapper implementation. An attacker could use
these flaws to cause a denial of service (memory corruption).
Multiple integer overflow flaws were found in various Python
modules. An attacker could use these flaws to cause a denial of
service.
An integer signedness error, leading to a buffer overflow, was
found in the Python zlib extension module. If a Python application
requested the negative byte count be flushed for a decompression
stream, it could cause the application to crash or, potentially,
execute arbitrary code with the Python interpreter's privileges.
A flaw was discovered in the strxfrm() function of the Python
locale module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data
stored in the memory of a Python application using this function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911235-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Updated Service Console package bind
Service Console package bind updated to version 9.3.6-4.P1.el5
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server
is operating correctly.
A flaw was found in the way BIND handles dynamic update message
packets containing the "ANY" record type. A remote attacker could
use this flaw to send a specially-crafted dynamic update packet
that could cause named to exit with an assertion failure.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0696 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911237-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Updated Service Console package libxml2
Service Console package libxml2 updated to version 2.6.26-2.1.2.8.
libxml is a library for parsing and manipulating XML files. A
Document Type Definition (DTD) defines the legal syntax (and also
which elements can be used) for certain types of files, such as XML
files.
A stack overflow flaw was found in the way libxml processes the
root XML document element definition in a DTD. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
Multiple use-after-free flaws were found in the way libxml parses
the Notation and Enumeration attribute types. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911234-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. Updated Service Console package curl
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
A cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2417 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911232-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
j. Updated Service Console package gnutls
Service Console package gnutil updated to version 1.4.1-3.el5_3.5
A flaw was discovered in the way GnuTLS handles NULL characters in
certain fields of X.509 certificates. If an attacker is able to get
a carefully-crafted certificate signed by a Certificate Authority
trusted by an application using GnuTLS, the attacker could use the
certificate during a man-in-the-middle attack and potentially
confuse the application into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2730 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911233-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
VMware vCenter Server 4 Update 1
Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c
VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959
VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c
VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4
ESXi 4.0 Update 1
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886
NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.
ESX 4.0 Update 1
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842
To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
- References
CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
- Change log
2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- .
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor. References
Tomcat release notes tomcat.apache.org/security-5.html
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0011", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.9, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "5.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.37" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.36" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "4.1.3" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.0.2" }, { "model": "virtualcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "2.5" }, { "model": "vcenter", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "4.1.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "drupal", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "pear xml rpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpxmlrpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "postnuke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "serendipity", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wordpress", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "xoops", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "phpmyfaq", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "4.1.0 to 4.1.37 version" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "5.5.0 to 5.5.26 version" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "6.0.0 to 6.0.16 version" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0" }, { "model": "server", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.x" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.5" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(sparc)" }, { "model": "opensolaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "(x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "hp xp p9000 performance advisor software", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "5.4.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "webotx application server", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systems wikid server", "scope": "eq", "trust": 0.3, "vendor": "wikid", "version": "3.0.4" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.25" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.24" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.23" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.22" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.21" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "red hat network satellite (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4)5.1" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform .cp03", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "developer suite as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "application server ws4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server es4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "application server as4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20080" }, { "model": "zenworks linux management", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "7.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "xp p9000 performance advisor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage business application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "meeting exchange enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.9" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "4.1" }, { "model": "ode", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.2" }, { "model": "ode", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.0" }, { "model": "systems wikid server", "scope": "ne", "trust": 0.3, "vendor": "wikid", "version": "3.0.5" }, { "model": "virtualcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "opensolaris build snv 101", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jboss enterprise application platform .cp04", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "4.2" }, { "model": "xp p9000 performance advisor", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5.5.1" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "4.1.38" }, { "model": "ode", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-2370" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\u0026#65279;Stefano Di Paola", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 }, "cve": "CVE-2008-2370", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2008-2370", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-2370", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#442845", "trust": 0.8, "value": "20.75" }, { "author": "CNNVD", "id": "CNNVD-200808-030", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2008-2370", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. \nThe following versions are affected:\nTomcat 4.1.0 through 4.1.37\nTomcat 5.5.0 through 5.5.26\nTomcat 6.0.0 through 6.0.16\nTomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2370: Apache Tomcat information disclosure vulnerability\n\nSeverity: Important\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nTomcat 4.1.0 to 4.1.37\nTomcat 5.5.0 to 5.5.26\nTomcat 6.0.0 to 6.0.16\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\n\nDescription:\nWhen using a RequestDispatcher the target path was normalised before the\nquery string was removed. A request that included a specially crafted\nrequest parameter could be used to access content that would otherwise be\nprotected by a security constraint or by locating it in under the WEB-INF\ndirectory. \n\nMitigation:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 5.5.27\nhttp://svn.apache.org/viewvc?rev=680949\u0026view=rev\n4.1.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 4.1.38\nhttp://svn.apache.org/viewvc?rev=680950\u0026view=rev\n\nExample:\nFor a page that contains:\n\u003c%\npageContext.forward(\"/page2.jsp?somepar=someval\u0026par=\"+request.getParameter(\"blah\"));\n%\u003e\nan attacker can use:\nhttp://host/page.jsp?blah=/../WEB-INF/web.xml\n\nCredit:\nThis issue was discovered by \ufeffStefano Di Paola of Minded Security Research\nLabs. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0016\nSynopsis: VMware vCenter and ESX update release and vMA patch\n release address multiple security issue in third\n party components\nIssue date: 2009-11-20\nUpdated on: 2009-11-20 (initial release of advisory)\nCVE numbers: --- JRE ---\n CVE-2009-1093 CVE-2009-1094 CVE-2009-1095\n CVE-2009-1096 CVE-2009-1097 CVE-2009-1098\n CVE-2009-1099 CVE-2009-1100 CVE-2009-1101\n CVE-2009-1102 CVE-2009-1103 CVE-2009-1104\n CVE-2009-1105 CVE-2009-1106 CVE-2009-1107\n CVE-2009-2625 CVE-2009-2670 CVE-2009-2671\n CVE-2009-2672 CVE-2009-2673 CVE-2009-2675\n CVE-2009-2676 CVE-2009-2716 CVE-2009-2718\n CVE-2009-2719 CVE-2009-2720 CVE-2009-2721\n CVE-2009-2722 CVE-2009-2723 CVE-2009-2724\n --- Tomcat ---\n CVE-2008-5515 CVE-2009-0033 CVE-2009-0580\n CVE-2009-0781 CVE-2009-0783 CVE-2008-1232\n CVE-2008-1947 CVE-2008-2370 CVE-2007-5333\n CVE-2007-5342 CVE-2007-5461 CVE-2007-6286\n CVE-2008-0002\n --- ntp ---\n CVE-2009-1252 CVE-2009-0159\n --- kernel ---\n CVE-2008-3528 CVE-2008-5700 CVE-2009-0028\n CVE-2009-0269 CVE-2009-0322 CVE-2009-0675\n CVE-2009-0676 CVE-2009-0778 CVE-2008-4307\n CVE-2009-0834 CVE-2009-1337 CVE-2009-0787\n CVE-2009-1336 CVE-2009-1439 CVE-2009-1633\n CVE-2009-1072 CVE-2009-1630 CVE-2009-1192\n CVE-2007-5966 CVE-2009-1385 CVE-2009-1388\n CVE-2009-1389 CVE-2009-1895 CVE-2009-2406\n CVE-2009-2407 CVE-2009-2692 CVE-2009-2698\n CVE-2009-0745 CVE-2009-0746 CVE-2009-0747\n CVE-2009-0748 CVE-2009-2847 CVE-2009-2848\n --- python ---\n CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142\n CVE-2008-3143 CVE-2008-3144 CVE-2008-4864\n CVE-2008-5031\n --- bind ---\n CVE-2009-0696\n --- libxml and libxml2 ---\n CVE-2009-2414 CVE-2009-2416\n --- curl --\n CVE-2009-2417\n --- gnutil ---\n CVE-2007-2052\n- -----------------------------------------------------------------------\n\n1. Summary\n\n Updated Java JRE packages and Tomcat packages address several security\n issues. Updates for the ESX Service Console and vMA include kernel,\n ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is\n also updated for ESXi userworlds. \n\n2. Relevant releases\n\n vCenter Server 4.0 before Update 1\n\n ESXi 4.0 without patch ESXi400-200911201-UG\n\n ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,\n ESX400-200911232-SG, ESX400-200911233-SG,\n ESX400-200911234-SG, ESX400-200911235-SG,\n ESX400-200911237-SG, ESX400-200911238-SG\n\n vMA 4.0 before patch 02\n\n3. Problem Description\n\n a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n Server 2.0 any affected, patch pending\n Server 1.0 any not affected\n\n ACE any any not affected\n\n Fusion any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2 *\n\n * vMA JRE is updated to version JRE 1.5.0_21\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of JRE depends on your patch\n deployment history. \n\n\n b. Update Apache Tomcat version to 6.0.20\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,\n CVE-2009-0781, CVE-2009-0783. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ======== ======== ======= =======================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n ACE any Windows not affected\n\n Server 2.x any affected, patch pending\n Server 1.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of Tomcat depends on\n your patch deployment history. \n\n c. Third party library update for ntp. \n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0. \n\n The following table lists what action remediates the vulnerability\n in this component (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-200911201-UG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2\n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n The Service Console present in ESX is affected by the following\n security issues. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n NTP authentication is not enabled by default on the Service Console. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially-crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue. \n\n The following table lists what action remediates the vulnerability\n in the Service Console (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911238-SG\n ESX 3.5 ESX affected, patch pending **\n ESX 3.0.3 ESX affected, patch pending **\n ESX 2.5.5 ESX affected, patch pending **\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not\naffected\n by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a\n low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. \n\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues below. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911201-UG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 Patch 2 **\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** vMA is updated to kernel version 2.6.18-164. \n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5. \n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter\u0027s privileges. \n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service. \n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter\u0027s privileges. \n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption). \n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service. \n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter\u0027s privileges. \n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911235-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly. \n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the \"ANY\" record type. A remote attacker could\n use this flaw to send a specially-crafted dynamic update packet\n that could cause named to exit with an assertion failure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911237-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8. \n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files. \n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911234-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published \"null prefix attack\",\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911232-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911233-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n\n VMware vCenter Server 4 Update 1\n --------------------------------\n Version 4.0 Update 1\n Build Number 208156\n Release Date 2009/11/19\n Type Product Binaries\n http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1\n\n VMware vCenter Server 4 and modules\n File size: 1.8 GB\n File type: .iso\n MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5\n SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1\n\n VMware vCenter Server 4 and modules\n File size: 1.5 GB\n File type: .zip\n MD5SUM: f843d9c19795eb3bc5a77f5c545468a8\n SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c\n\n VMware vSphere Client and Host Update Utility\n File size: 113.8 MB\n File type: .exe\n MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9\n SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959\n\n VMware vCenter Converter BootCD\n File size: 98.8 MB\n File type: .zip\n MD5SUM: 3df94eb0e93de76b0389132ada2a3799\n SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c\n\n VMware vCenter Converter CLI (Linux)\n File size: 36.9 MB\n File type: .tar.gz\n MD5SUM: 3766097563936ba5e03e87e898f6bd48\n SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4\n\n\n ESXi 4.0 Update 1\n -----------------\n ESXi400-200911201-UG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip\n md5sum:c6fdd6722d9e5cacb280bdcc2cca0627\n sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e\n http://kb.vmware.com/kb/1014886\n\n NOTE: The three ESXi patches for Firmware, VMware Tools, and the\n VI Client \"C\" are contained in a single download file. \n\n\n ESX 4.0 Update 1\n ----------------\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip\n md5sum: 68934321105c34dcda4cbeeab36a2b8f\n sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b\n http://kb.vmware.com/kb/1014842\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG\n -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG\n -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG\n -b ESX400-200911233-SG update\n\n\n5. References\n\n CVE numbers\n --- JRE ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724\n --- Tomcat ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002\n --- ntp ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159\n --- kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848\n --- python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031\n --- bind ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n --- libxml and libxml2 ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416\n --- curl --\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417\n --- gnutil ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-11-20 VMSA-2009-0016\nInitial security advisory after release of vCenter 4.0 Update 1 and\nESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/lifecycle/\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+\ndtoAniXz+9xLskrkPr3oUzAcDeV729WG\n=wSRz\n-----END PGP SIGNATURE-----\n. \n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. References\n\n Tomcat release notes\n tomcat.apache.org/security-5.html\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n\n- - ------------------------------------------------------------------------\n6. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). \n \n A traversal vulnerability was found when the \u0027allowLinking\u0027 and\n \u0027URIencoding\u0027 settings were actived which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-2370" }, { "db": "CERT/CC", "id": "VU#442845" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "BID", "id": "30494" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" } ], "trust": 3.51 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32137", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2370" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2370", "trust": 3.6 }, { "db": "BID", "id": "30494", "trust": 2.8 }, { "db": "SECUNIA", "id": "31381", "trust": 2.5 }, { "db": "SECUNIA", "id": "31379", "trust": 2.5 }, { "db": "SECTRACK", "id": "1020623", "trust": 2.5 }, { "db": "SECUNIA", "id": "33797", "trust": 1.7 }, { "db": "SECUNIA", "id": "31639", "trust": 1.7 }, { "db": "SECUNIA", "id": "36249", "trust": 1.7 }, { "db": "SECUNIA", "id": "37460", "trust": 1.7 }, { "db": "SECUNIA", "id": "31982", "trust": 1.7 }, { "db": "SECUNIA", "id": "32120", "trust": 1.7 }, { "db": "SECUNIA", "id": "35393", "trust": 1.7 }, { "db": "SECUNIA", "id": "32266", "trust": 1.7 }, { "db": "SECUNIA", "id": "32222", "trust": 1.7 }, { "db": "SECUNIA", "id": "33999", "trust": 1.7 }, { "db": "SECUNIA", "id": "31865", "trust": 1.7 }, { "db": "SECUNIA", "id": "57126", "trust": 1.7 }, { "db": "SECUNIA", "id": "31891", "trust": 1.7 }, { "db": "SECUNIA", "id": "34013", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-1535", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0503", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2823", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2780", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-3316", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0320", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-2215", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2305", "trust": 1.7 }, { "db": "BID", "id": "31681", "trust": 1.7 }, { "db": "SREASON", "id": "4099", "trust": 1.7 }, { "db": "SECUNIA", "id": "15884", "trust": 0.9 }, { "db": "SECUNIA", "id": "15810", "trust": 0.8 }, { "db": "SECUNIA", "id": "15922", "trust": 0.8 }, { "db": "SECUNIA", "id": "15852", "trust": 0.8 }, { "db": "SECUNIA", "id": "15855", "trust": 0.8 }, { "db": "SECUNIA", "id": "15861", "trust": 0.8 }, { "db": "SECUNIA", "id": "15862", "trust": 0.8 }, { "db": "SECUNIA", "id": "15872", "trust": 0.8 }, { "db": "SECUNIA", "id": "15883", "trust": 0.8 }, { "db": "SECUNIA", "id": "15895", "trust": 0.8 }, { "db": "BID", "id": "14088", "trust": 0.8 }, { "db": "SECTRACK", "id": "1014327", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#442845", "trust": 0.8 }, { "db": "XF", "id": "44156", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2008-001606", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200808-030", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "32137", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2008-2370", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "68743", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "74633", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82837", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70055", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125556", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "75161", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125436", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "38390", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "id": "VAR-200808-0011", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15801565 }, "last_update_date": "2024-07-23T20:51:12.284000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache Tomcat 5.5.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html" }, { "title": "Fixed in Apache Tomcat 6.0.18", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html" }, { "title": "Fixed in Apache Tomcat 4.1.SVN", "trust": 0.8, "url": "http://tomcat.apache.org/security-4.html" }, { "title": "APPLE-SA-2008-10-09 Security Update 2008-007", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/en-us/ht3216" }, { "title": "HT3216", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht3216" }, { "title": "tomcat5-5.5.23-0jpp.7.1.1AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156" }, { "title": "ASA-2008-401", "trust": 0.8, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm" }, { "title": "HPSBUX02401 SSRT090005", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01650939" }, { "title": "HPSBST02955 SSRT101157", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04047415" }, { "title": "1381", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1381" }, { "title": "NV09-012", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv09-012.html" }, { "title": "RHSA-2008:0648", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2008-0648.html" }, { "title": "RHSA-2008:0862", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2008-0862.html" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "title": "251986", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1" }, { "title": "VMSA-2009-0002", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0002.html" }, { "title": "VMSA-2009-0016", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html" }, { "title": "interstage_as_200902", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200902.html" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20080877 - security advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20080864 - security advisory" }, { "title": "Red Hat: Important: tomcat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20080862 - security advisory" }, { "title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20081007 - security advisory" }, { "title": "VMware Security Advisories: VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=73a787a1c84c97013ffa2f87f6d2e4ba" }, { "title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7" } ], "sources": [ { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "http://www.securityfocus.com/bid/30494" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1020623" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31379" }, { "trust": 2.5, "url": "http://secunia.com/advisories/31381" }, { "trust": 2.4, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0002.html" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/31681" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-4.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 2.0, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 2.0, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31639" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31891" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31865" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht3216" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32222" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/4099" }, { "trust": 1.7, "url": "http://secunia.com/advisories/31982" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33797" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32120" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32266" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "trust": 1.7, "url": "http://secunia.com/advisories/33999" }, { "trust": 1.7, "url": "http://secunia.com/advisories/34013" }, { "trust": 1.7, "url": "http://secunia.com/advisories/35393" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "trust": 1.7, "url": "http://secunia.com/advisories/36249" }, { "trust": 1.7, "url": "http://secunia.com/advisories/37460" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "trust": 1.7, "url": "http://secunia.com/advisories/57126" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5876" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10577" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15884/" }, { "trust": 0.9, "url": "http://secunia.com/advisories/15852/" }, { "trust": 0.8, "url": "http://www.hardened-php.net/advisory-022005.php" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15861/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15862/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15895/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15883/" }, { "trust": 0.8, "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15855/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15810/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15872/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/15922/" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2005/jun/1014327.html" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005" }, { "trust": 0.8, "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/14088" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2305" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/44156" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2370" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342" }, { "trust": 0.3, "url": "http://lists.vmware.com/pipermail/security-announce/2009/000068.html" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { "trust": 0.3, "url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html" }, { "trust": 0.3, "url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1" }, { "trust": 0.3, "url": "http://download.novell.com/download?buildid=n5vszfht1vs" }, { "trust": 0.3, "url": "/archive/1/495022" }, { "trust": 0.3, "url": "/archive/1/507985" }, { "trust": 0.3, "url": "http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3e" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7006398" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461" }, { "trust": 0.2, "url": "http://enigmail.mozdev.org" }, { "trust": 0.2, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.2, "url": "http://www.vmware.com/security" }, { "trust": 0.2, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461" }, { "trust": 0.2, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.2, "url": "http://www.vmware.com/resources/techresources/726" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286" }, { "trust": 0.2, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.2, "url": "http://www.hp.com" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2008:0877" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/32137/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security.html" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?rev=680949\u0026view=rev" }, { "trust": 0.1, "url": "http://host/page.jsp?blah=/../web-inf/web.xml" }, { "trust": 0.1, "url": "http://svn.apache.org/viewvc?rev=680950\u0026view=rev" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2671" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1101" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864" }, { "trust": 0.1, "url": "http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1096" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1103" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2670" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1102" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1014842" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/lifecycle/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1106" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip" }, { "trust": 0.1, "url": "https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1100" }, { "trust": 0.1, "url": "http://enigmail.mozdev.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1014886" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1104" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1098" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1095" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848" }, { "trust": 0.1, "url": "http://www.wikidsystems.com" }, { "trust": 0.1, "url": "https://sourceforge.net/project/showfiles.php?group_id=144774" }, { "trust": 0.1, "url": "http://www.wikidsystems.com/downloads/" }, { "trust": 0.1, "url": "http://www.vmware.com/download/download.do?downloadgroup=vc250u4" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/4577/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://sourceforge.net/project/showfiles.php?group_id=36679" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#442845" }, { "db": "VULMON", "id": "CVE-2008-2370" }, { "db": "BID", "id": "30494" }, { "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "db": "PACKETSTORM", "id": "68743" }, { "db": "PACKETSTORM", "id": "74633" }, { "db": "PACKETSTORM", "id": "82837" }, { "db": "PACKETSTORM", "id": "70055" }, { "db": "PACKETSTORM", "id": "125556" }, { "db": "PACKETSTORM", "id": "75161" }, { "db": "PACKETSTORM", "id": "69700" }, { "db": "PACKETSTORM", "id": "125436" }, { "db": "PACKETSTORM", "id": "38390" }, { "db": "CNNVD", "id": "CNNVD-200808-030" }, { "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-07-06T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2008-08-04T00:00:00", "db": "VULMON", "id": "CVE-2008-2370" }, { "date": "2008-08-01T00:00:00", "db": "BID", "id": "30494" }, { "date": "2008-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "date": "2008-08-01T20:26:42", "db": "PACKETSTORM", "id": "68743" }, { "date": "2009-02-04T18:45:10", "db": "PACKETSTORM", "id": "74633" }, { "date": "2009-11-20T22:21:26", "db": "PACKETSTORM", "id": "82837" }, { "date": "2008-09-17T15:13:40", "db": "PACKETSTORM", "id": "70055" }, { "date": "2014-03-06T02:39:08", "db": "PACKETSTORM", "id": "125556" }, { "date": "2009-02-25T00:58:34", "db": "PACKETSTORM", "id": "75161" }, { "date": "2008-09-06T00:23:13", "db": "PACKETSTORM", "id": "69700" }, { "date": "2014-02-26T22:39:24", "db": "PACKETSTORM", "id": "125436" }, { "date": "2005-07-01T23:31:00", "db": "PACKETSTORM", "id": "38390" }, { "date": "2007-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-030" }, { "date": "2008-08-04T01:41:00", "db": "NVD", "id": "CVE-2008-2370" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-09T00:00:00", "db": "CERT/CC", "id": "VU#442845" }, { "date": "2019-03-25T00:00:00", "db": "VULMON", "id": "CVE-2008-2370" }, { "date": "2015-05-07T17:17:00", "db": "BID", "id": "30494" }, { "date": "2015-03-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001606" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-030" }, { "date": "2023-02-13T02:19:08.810000", "db": "NVD", "id": "CVE-2008-2370" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple PHP XML-RPC implementations vulnerable to code injection", "sources": [ { "db": "CERT/CC", "id": "VU#442845" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-030" } ], "trust": 0.6 } }
ghsa-m8h8-6rvg-f4mg
Vulnerability from github
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher
is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..
(dot dot) in a request parameter.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 4.1.37" }, "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.38" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 5.5.26" }, "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "5.5.0" }, { "fixed": "5.5.27" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.16" }, "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.18" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2008-2370" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2024-02-09T16:27:03Z", "nvd_published_at": "2008-08-04T01:41:00Z", "severity": "MODERATE" }, "details": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a `RequestDispatcher` is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a `..` (dot dot) in a request parameter.", "id": "GHSA-m8h8-6rvg-f4mg", "modified": "2024-02-09T16:27:04Z", "published": "2022-05-01T23:49:31Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222" }, { "type": "WEB", "url": "https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797" }, { "type": "WEB", "url": "https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999" }, { "type": "WEB", "url": "https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379" }, { "type": "WEB", "url": "https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013" }, { "type": "WEB", "url": "https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865" }, { "type": "WEB", "url": "https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393" }, { "type": "WEB", "url": "https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249" }, { "type": "WEB", "url": "https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460" }, { "type": "WEB", "url": "https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623" }, { "type": "WEB", "url": "https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494" }, { "type": "WEB", "url": "https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "type": "WEB", "url": "https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681" }, { "type": "WEB", "url": "https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126" }, { "type": "WEB", "url": "https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "type": "PACKAGE", "url": "https://github.com/apache/tomcat" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876" }, { "type": "WEB", "url": "https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639" }, { "type": "WEB", "url": "https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT3216" }, { "type": "WEB", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-4.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-5.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-6.html" }, { "type": "WEB", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" } ], "schema_version": "1.4.0", "severity": [], "summary": "Apache Tomcat Path Traversal Vulnerability" }
gsd-2008-2370
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2008-2370", "description": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "id": "GSD-2008-2370", "references": [ "https://www.suse.com/security/cve/CVE-2008-2370.html", "https://access.redhat.com/errata/RHSA-2010:0602", "https://access.redhat.com/errata/RHSA-2008:1007", "https://access.redhat.com/errata/RHSA-2008:0877", "https://access.redhat.com/errata/RHSA-2008:0864", "https://access.redhat.com/errata/RHSA-2008:0862", "https://access.redhat.com/errata/RHSA-2008:0648", "https://linux.oracle.com/cve/CVE-2008-2370.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2008-2370" ], "details": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "id": "GSD-2008-2370", "modified": "2023-12-13T01:23:00.878114Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://secunia.com/advisories/37460", "refsource": "MISC", "url": "http://secunia.com/advisories/37460" }, { "name": "http://tomcat.apache.org/security-4.html", "refsource": "MISC", "url": "http://tomcat.apache.org/security-4.html" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "MISC", "url": "http://tomcat.apache.org/security-5.html" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "MISC", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "MISC", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "http://www.vupen.com/english/advisories/2009/3316", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "refsource": "MISC", "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "http://secunia.com/advisories/32120", "refsource": "MISC", "url": "http://secunia.com/advisories/32120" }, { "name": "http://secunia.com/advisories/32222", "refsource": "MISC", "url": "http://secunia.com/advisories/32222" }, { "name": "http://secunia.com/advisories/32266", "refsource": "MISC", "url": "http://secunia.com/advisories/32266" }, { "name": "http://secunia.com/advisories/57126", "refsource": "MISC", "url": "http://secunia.com/advisories/57126" }, { "name": "http://support.apple.com/kb/HT3216", "refsource": "MISC", "url": "http://support.apple.com/kb/HT3216" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", "refsource": "MISC", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "name": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "name": "http://www.securityfocus.com/bid/31681", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/31681" }, { "name": "http://www.vupen.com/english/advisories/2008/2780", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "name": "http://www.vupen.com/english/advisories/2008/2823", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "name": "http://secunia.com/advisories/31982", "refsource": "MISC", "url": "http://secunia.com/advisories/31982" }, { "name": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "name": "http://secunia.com/advisories/31379", "refsource": "MISC", "url": "http://secunia.com/advisories/31379" }, { "name": "http://secunia.com/advisories/31381", "refsource": "MISC", "url": "http://secunia.com/advisories/31381" }, { "name": "http://secunia.com/advisories/31639", "refsource": "MISC", "url": "http://secunia.com/advisories/31639" }, { "name": "http://secunia.com/advisories/31865", "refsource": "MISC", "url": "http://secunia.com/advisories/31865" }, { "name": "http://secunia.com/advisories/31891", "refsource": "MISC", "url": "http://secunia.com/advisories/31891" }, { "name": "http://secunia.com/advisories/33797", "refsource": "MISC", "url": "http://secunia.com/advisories/33797" }, { "name": "http://secunia.com/advisories/33999", "refsource": "MISC", "url": "http://secunia.com/advisories/33999" }, { "name": "http://secunia.com/advisories/34013", "refsource": "MISC", "url": "http://secunia.com/advisories/34013" }, { "name": "http://www.redhat.com/support/errata/RHSA-2008-0648.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "name": "http://www.redhat.com/support/errata/RHSA-2008-0864.html", "refsource": "MISC", "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", "refsource": "MISC", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "name": "http://www.vupen.com/english/advisories/2008/2305", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "name": "http://www.vupen.com/english/advisories/2009/0320", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "name": "http://www.vupen.com/english/advisories/2009/0503", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "name": "http://secunia.com/advisories/35393", "refsource": "MISC", "url": "http://secunia.com/advisories/35393" }, { "name": "http://secunia.com/advisories/36249", "refsource": "MISC", "url": "http://secunia.com/advisories/36249" }, { "name": "http://securityreason.com/securityalert/4099", "refsource": "MISC", "url": "http://securityreason.com/securityalert/4099" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", "refsource": "MISC", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "name": "http://www.securityfocus.com/archive/1/495022/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "name": "http://www.securityfocus.com/bid/30494", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/30494" }, { "name": "http://www.securitytracker.com/id?1020623", "refsource": "MISC", "url": "http://www.securitytracker.com/id?1020623" }, { "name": "http://www.vupen.com/english/advisories/2009/1535", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "name": "http://www.vupen.com/english/advisories/2009/2215", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-2370" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "http://tomcat.apache.org/security-4.html", "refsource": "CONFIRM", "tags": [], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "tags": [], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "tags": [], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "30494", "refsource": "BID", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/30494" }, { "name": "1020623", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id?1020623" }, { "name": "31639", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31639" }, { "name": "31379", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31379" }, { "name": "31381", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31381" }, { "name": "RHSA-2008:0648", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html" }, { "name": "MDVSA-2008:188", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" }, { "name": "FEDORA-2008-8130", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" }, { "name": "SUSE-SR:2008:018", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" }, { "name": "FEDORA-2008-8113", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" }, { "name": "31891", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31891" }, { "name": "FEDORA-2008-7977", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" }, { "name": "31865", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31865" }, { "name": "RHSA-2008:0862", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html" }, { "name": "RHSA-2008:0864", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html" }, { "name": "APPLE-SA-2008-10-09", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" }, { "name": "31681", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/31681" }, { "name": "http://support.apple.com/kb/HT3216", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT3216" }, { "name": "32222", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/32222" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", "refsource": "CONFIRM", "tags": [], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" }, { "name": "4099", "refsource": "SREASON", "tags": [], "url": "http://securityreason.com/securityalert/4099" }, { "name": "31982", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/31982" }, { "name": "HPSBUX02401", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2" }, { "name": "33797", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/33797" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "32120", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/32120" }, { "name": "32266", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/32266" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" }, { "name": "ADV-2009-0503", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/0503" }, { "name": "33999", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/33999" }, { "name": "34013", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/34013" }, { "name": "35393", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/35393" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html" }, { "name": "ADV-2009-1535", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/1535" }, { "name": "ADV-2009-2215", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/2215" }, { "name": "36249", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/36249" }, { "name": "37460", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/37460" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "ADV-2008-2780", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/2780" }, { "name": "ADV-2009-0320", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/0320" }, { "name": "ADV-2008-2823", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/2823" }, { "name": "ADV-2008-2305", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2008/2305" }, { "name": "HPSBST02955", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "57126", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/57126" }, { "name": "tomcat-requestdispatcher-info-disclosure(44156)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156" }, { "name": "oval:org.mitre.oval:def:5876", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876" }, { "name": "oval:org.mitre.oval:def:10577", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded" }, { "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2023-02-13T02:19Z", "publishedDate": "2008-08-04T01:41Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.