Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-3546 (GCVE-0-2012-3546)
Vulnerability from cvelistv5 – Published: 2012-12-19 11:00 – Updated: 2024-08-06 20:13
VLAI
EPSS
Summary
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
45 references
Date Public
2012-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT101139",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "1027833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027833"
},
{
"name": "USN-1685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1685-1"
},
{
"name": "56812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56812"
},
{
"name": "openSUSE-SU-2012:1700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1377892"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
},
{
"name": "SSRT101182",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
},
{
"name": "RHSA-2013:0192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"name": "RHSA-2013:0198",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
},
{
"name": "RHSA-2013:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
},
{
"name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "RHSA-2013:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
},
{
"name": "RHSA-2013:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
},
{
"name": "RHSA-2013:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
},
{
"name": "RHSA-2013:0196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"name": "RHSA-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
},
{
"name": "oval:org.mitre.oval:def:19305",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
},
{
"name": "HPSBMU02873",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
},
{
"name": "RHSA-2013:0193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"name": "RHSA-2013:0157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
},
{
"name": "51984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "52054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52054"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "RHSA-2013:0146",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
},
{
"name": "openSUSE-SU-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "RHSA-2013:0191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
},
{
"name": "RHSA-2013:0623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name": "RHSA-2013:0197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"name": "RHSA-2013:0235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
},
{
"name": "RHSA-2013:0642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
},
{
"name": "RHSA-2013:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"name": "HPSBUX02866",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "RHSA-2013:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "openSUSE-SU-2012:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
},
{
"name": "RHSA-2013:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SSRT101139",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "1027833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027833"
},
{
"name": "USN-1685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1685-1"
},
{
"name": "56812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56812"
},
{
"name": "openSUSE-SU-2012:1700",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1377892"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892"
},
{
"name": "RHSA-2013:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
},
{
"name": "SSRT101182",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
},
{
"name": "RHSA-2013:0192",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"name": "RHSA-2013:0198",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
},
{
"name": "RHSA-2013:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
},
{
"name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "RHSA-2013:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
},
{
"name": "RHSA-2013:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
},
{
"name": "RHSA-2013:0221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
},
{
"name": "RHSA-2013:0196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"name": "RHSA-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
},
{
"name": "oval:org.mitre.oval:def:19305",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
},
{
"name": "HPSBMU02873",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "RHSA-2013:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
},
{
"name": "RHSA-2013:0193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"name": "RHSA-2013:0157",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
},
{
"name": "51984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "52054",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52054"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "RHSA-2013:0146",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
},
{
"name": "openSUSE-SU-2013:0147",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "RHSA-2013:0191",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
},
{
"name": "RHSA-2013:0623",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name": "RHSA-2013:0197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"name": "RHSA-2013:0235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
},
{
"name": "RHSA-2013:0642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
},
{
"name": "RHSA-2013:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"name": "HPSBUX02866",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"name": "RHSA-2013:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "openSUSE-SU-2012:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
},
{
"name": "RHSA-2013:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3546",
"datePublished": "2012-12-19T11:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:13:50.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2012-3546",
"date": "2026-05-28",
"epss": "0.02215",
"percentile": "0.84727"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49E3C039-A949-4F1B-892A-57147EECB249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A354C34-A3FE-4B8A-9985-8874A0634BC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F28C7801-41B9-4552-BA1E-577967BCBBEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFE300CC-FD4A-444E-8506-E5E269D0A0A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25B21085-7259-4685-9D1F-FF98E6489E10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"F50A3EC9-516E-48A7-839B-A73F491B5B9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"635EE321-2A1F-4FF8-95BE-0C26591969D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11951A10-39A2-4FF5-8C43-DF94730FB794\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B79F2EA-C893-4359-80EC-24AE38D982E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B6B0504-27C1-4824-A928-A878CBBAB32D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D903956B-14F5-4177-AF12-0A5F1846D3C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8461DF95-18DC-4BF5-A703-7F19DA88DC30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A61429EE-4331-430C-9830-58DCCBCBCB58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4945C8C1-C71B-448B-9075-07C6C92599CF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F8C62EF-1B67-456A-9C66-755439CF8556\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"33E9607B-4D28-460D-896B-E4B7FA22441E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A819E245-D641-4F19-9139-6C940504F6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"81A31CA0-A209-4C49-AA06-C38E165E5B68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7205475A-6D04-4042-B24E-1DA5A57029B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08022987-B36B-4F63-88A5-A8F59195DF4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AA563BF-A67A-477D-956A-167ABEF885C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF4B7557-EF35-451E-B55D-3296966695AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8980E61E-27BE-4858-82B3-C0E8128AF521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8756BF9B-3E24-4677-87AE-31CE776541F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F194580-EE6D-4E38-87F3-F0661262256B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F74A421-D019-4248-84B8-C70D4D9A8A95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05346F5A-FB52-4376-AAC7-9A5308216545\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"305688F2-50A6-41FB-8614-BC589DB9A789\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D24AA431-C436-4AA5-85DF-B9AAFF2548FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25966344-15D5-4101-9346-B06BFD2DFFF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11F4CBAC-27B1-4EFF-955A-A63B457D0578\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD55B338-9DBE-4643-ABED-A08964D3AF7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D4F710E-06EA-48F4-AC6A-6F143950F015\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C4936C2-0B2D-4C44-98C3-443090965F5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48453405-2319-4327-9F4C-6F70B49452C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4670E65-2E11-49A4-B661-57C2F60D411F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31002A23-4788-4BC7-AE11-A3C2AA31716D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D731065-626B-4425-8E49-F708DD457824\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.\"}, {\"lang\": \"es\", \"value\": \"org/apache/catalina/campo/RealmBase.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de v7.0.30, cuando se utiliza la autenticaci\\u00f3n de formularios, permite a atacantes remotos evitar restricciones de seguridad aprovech\\u00e1ndose de una llamada setUserPrincipal anterior para luego colocar /j_security_check al final de una URI.\\r\\n\"}]",
"id": "CVE-2012-3546",
"lastModified": "2024-11-21T01:41:06.203",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-12-19T11:55:54.517",
"references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0004.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0005.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0146.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0147.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0151.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0157.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0158.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0162.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0163.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0164.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0191.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0192.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0193.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0194.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0195.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0196.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0197.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0198.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0221.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0235.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0623.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0640.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0641.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0642.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/51984\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/52054\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/57126\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1377892\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://tomcat.apache.org/security-6.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tomcat.apache.org/security-7.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/56812\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1027833\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1685-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0146.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0147.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0151.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0157.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0158.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0162.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0163.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0164.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0191.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0192.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0193.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0194.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0195.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0196.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0197.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0198.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0221.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0235.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0623.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0640.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0641.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0642.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/51984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/52054\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/57126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1377892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tomcat.apache.org/security-6.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tomcat.apache.org/security-7.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/56812\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1027833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1685-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-3546\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-12-19T11:55:54.517\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.\"},{\"lang\":\"es\",\"value\":\"org/apache/catalina/campo/RealmBase.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de v7.0.30, cuando se utiliza la autenticaci\u00f3n de formularios, permite a atacantes remotos evitar restricciones de seguridad aprovech\u00e1ndose de una llamada setUserPrincipal anterior para luego colocar /j_security_check al final de una URI.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A354C34-A3FE-4B8A-9985-8874A0634BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE300CC-FD4A-444E-8506-E5E269D0A0A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"F50A3EC9-516E-48A7-839B-A73F491B5B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B79F2EA-C893-4359-80EC-24AE38D982E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461DF95-18DC-4BF5-A703-7F19DA88DC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A61429EE-4331-430C-9830-58DCCBCBCB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4945C8C1-C71B-448B-9075-07C6C92599CF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05346F5A-FB52-4376-AAC7-9A5308216545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D24AA431-C436-4AA5-85DF-B9AAFF2548FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F4CBAC-27B1-4EFF-955A-A63B457D0578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD55B338-9DBE-4643-ABED-A08964D3AF7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0005.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0146.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0147.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0151.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0157.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0158.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0162.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0163.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0164.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0191.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0192.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0193.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0194.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0195.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0196.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0197.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0198.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0221.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0235.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0623.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0640.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0641.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0642.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/51984\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/52054\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1377892\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/56812\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1027833\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1685-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0146.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0147.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0151.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0157.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0158.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0162.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0163.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0164.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0191.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0192.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0193.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0194.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0195.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0196.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0197.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0198.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0221.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0235.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0623.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0640.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0641.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0642.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/51984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/52054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892\u0026r2=1377891\u0026pathrev=1377892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1377892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/56812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1685-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2013_0235
Vulnerability from csaf_redhat - Published: 2013-02-04 23:36 - Updated: 2024-11-22 06:03Summary
Red Hat Security Advisory: jbossweb security update
Severity
Important
Notes
Topic: An update for JBoss Enterprise Portal Platform 5.2.2 and JBoss Enterprise
SOA Platform 5.3.0 that fixes one security issue is now available from the
Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details: JBoss Web is a web container based on Apache Tomcat. It provides a single
deployment platform for the JavaServer Pages (JSP) and Java Servlet
technologies.
It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)
Warning: Before applying this update, back up your JBoss installation,
including any databases, database settings, applications, configuration
files, and so on.
All users of JBoss Enterprise Portal Platform 5.2.2 and JBoss Enterprise
SOA Platform 5.3.0 as provided from the Red Hat Customer Portal are advised
to install this update.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5.5 ()
Affected products
Fixed
2 products
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for JBoss Enterprise Portal Platform 5.2.2 and JBoss Enterprise\nSOA Platform 5.3.0 that fixes one security issue is now available from the\nRed Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Web is a web container based on Apache Tomcat. It provides a single\ndeployment platform for the JavaServer Pages (JSP) and Java Servlet\ntechnologies.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nWarning: Before applying this update, back up your JBoss installation,\nincluding any databases, database settings, applications, configuration\nfiles, and so on.\n\nAll users of JBoss Enterprise Portal Platform 5.2.2 and JBoss Enterprise\nSOA Platform 5.3.0 as provided from the Red Hat Customer Portal are advised\nto install this update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0235",
"url": "https://access.redhat.com/errata/RHSA-2013:0235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jbportal\u0026version=5.2.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jbportal\u0026version=5.2.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=soaplatform\u0026version=5.3.0+GA",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=soaplatform\u0026version=5.3.0+GA"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"category": "external",
"summary": "883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0235.json"
}
],
"title": "Red Hat Security Advisory: jbossweb security update",
"tracking": {
"current_release_date": "2024-11-22T06:03:27+00:00",
"generator": {
"date": "2024-11-22T06:03:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0235",
"initial_release_date": "2013-02-04T23:36:00+00:00",
"revision_history": [
{
"date": "2013-02-04T23:36:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-02-04T23:42:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:03:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Portal 5.2",
"product": {
"name": "Red Hat JBoss Portal 5.2",
"product_id": "Red Hat JBoss Portal 5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss SOA Platform 5.3",
"product": {
"name": "Red Hat JBoss SOA Platform 5.3",
"product_id": "Red Hat JBoss SOA Platform 5.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Middleware"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3546",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "883634"
}
],
"notes": [
{
"category": "description",
"text": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Web: Bypass of security constraints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 5.2",
"Red Hat JBoss SOA Platform 5.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3546"
},
{
"category": "external",
"summary": "RHBZ#883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-02-04T23:36:00+00:00",
"details": "The References section of this erratum contains download links (you must\nlog in to download the update). Before applying this update, back up your\nJBoss installation, including any databases, database settings,\napplications, configuration files, and so on.\n\nFor both JBoss Enterprise Portal Platform and JBoss Enterprise SOA\nPlatform, it is recommended to halt the server by stopping the JBoss\nApplication Server process before installing this update, and then after\ninstalling the update, restart the server by starting the JBoss Application\nServer process.",
"product_ids": [
"Red Hat JBoss Portal 5.2",
"Red Hat JBoss SOA Platform 5.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0235"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 5.2",
"Red Hat JBoss SOA Platform 5.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Web: Bypass of security constraints"
}
]
}
RHSA-2013_0623
Vulnerability from csaf_redhat - Published: 2013-03-11 18:14 - Updated: 2024-11-22 06:21Summary
Red Hat Security Advisory: tomcat6 security update
Severity
Important
Notes
Topic: Updated tomcat6 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details: Apache Tomcat is a servlet container.
It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)
A flaw was found in the way Tomcat handled sendfile operations when using
the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker
could use this flaw to cause a denial of service (infinite loop). The HTTP
blocking IO (BIO) connector, which is not vulnerable to this issue, is used
by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)
Multiple weaknesses were found in the Tomcat DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5.5 ()
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
4.3 ()
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5.0 ()
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5.0 ()
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5.0 ()
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0623",
"url": "https://access.redhat.com/errata/RHSA-2013:0623"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"category": "external",
"summary": "873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "external",
"summary": "883637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883637"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0623.json"
}
],
"title": "Red Hat Security Advisory: tomcat6 security update",
"tracking": {
"current_release_date": "2024-11-22T06:21:00+00:00",
"generator": {
"date": "2024-11-22T06:21:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0623",
"initial_release_date": "2013-03-11T18:14:00+00:00",
"revision_history": [
{
"date": "2013-03-11T18:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-03-11T19:31:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:21:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.24-52.el6_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.24-52.el6_4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-0:6.0.24-52.el6_4.src",
"product": {
"name": "tomcat6-0:6.0.24-52.el6_4.src",
"product_id": "tomcat6-0:6.0.24-52.el6_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.24-52.el6_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.src",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Client-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.src",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.src",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.src",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Server-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.src",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-52.el6_4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src"
},
"product_reference": "tomcat6-0:6.0.24-52.el6_4.src",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"relates_to_product_reference": "6Workstation-optional-6.4.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3546",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "883634"
}
],
"notes": [
{
"category": "description",
"text": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Web: Bypass of security constraints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3546"
},
{
"category": "external",
"summary": "RHBZ#883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-11T18:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Web: Bypass of security constraints"
},
{
"cve": "CVE-2012-4534",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "883637"
}
],
"notes": [
{
"category": "description",
"text": "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat - Denial Of Service when using NIO+SSL+sendfile",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4534"
},
{
"category": "external",
"summary": "RHBZ#883637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883637"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4534"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-11T18:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat - Denial Of Service when using NIO+SSL+sendfile"
},
{
"cve": "CVE-2012-5885",
"discovery_date": "2012-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873664"
}
],
"notes": [
{
"category": "description",
"text": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: three DIGEST authentication implementation issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5885"
},
{
"category": "external",
"summary": "RHBZ#873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5885"
}
],
"release_date": "2012-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-11T18:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: three DIGEST authentication implementation issues"
},
{
"cve": "CVE-2012-5886",
"discovery_date": "2012-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873664"
}
],
"notes": [
{
"category": "description",
"text": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: three DIGEST authentication implementation issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5886"
},
{
"category": "external",
"summary": "RHBZ#873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5886",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5886"
}
],
"release_date": "2012-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-11T18:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: three DIGEST authentication implementation issues"
},
{
"cve": "CVE-2012-5887",
"discovery_date": "2012-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873664"
}
],
"notes": [
{
"category": "description",
"text": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: three DIGEST authentication implementation issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5887"
},
{
"category": "external",
"summary": "RHBZ#873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5887"
}
],
"release_date": "2012-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-11T18:14:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0623"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Client-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Client-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6ComputeNode-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6ComputeNode-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Server-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Server-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-0:6.0.24-52.el6_4.src",
"6Workstation-optional-6.4.z:tomcat6-admin-webapps-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-docs-webapp-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-el-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-javadoc-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-jsp-2.1-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-lib-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-servlet-2.5-api-0:6.0.24-52.el6_4.noarch",
"6Workstation-optional-6.4.z:tomcat6-webapps-0:6.0.24-52.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: three DIGEST authentication implementation issues"
}
]
}
RHSA-2013_0640
Vulnerability from csaf_redhat - Published: 2013-03-12 17:57 - Updated: 2024-11-22 06:20Summary
Red Hat Security Advisory: tomcat5 security update
Severity
Important
Notes
Topic: Updated tomcat5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details: Apache Tomcat is a servlet container.
It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)
Multiple weaknesses were found in the Tomcat DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5.5 ()
Affected products
Fixed
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5.0 ()
Affected products
Fixed
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5.0 ()
Affected products
Fixed
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5.0 ()
Affected products
Fixed
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0640",
"url": "https://access.redhat.com/errata/RHSA-2013:0640"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0640.json"
}
],
"title": "Red Hat Security Advisory: tomcat5 security update",
"tracking": {
"current_release_date": "2024-11-22T06:20:53+00:00",
"generator": {
"date": "2024-11-22T06:20:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0640",
"initial_release_date": "2013-03-12T17:57:00+00:00",
"revision_history": [
{
"date": "2013-03-12T17:57:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-03-12T18:07:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:20:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.38.el5_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.38.el5_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.38.el5_9?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.38.el5_9?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.38.el5_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.38.el5_9?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"product_id": "tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.38.el5_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"relates_to_product_reference": "5Server-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"relates_to_product_reference": "5Server-5.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3546",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "883634"
}
],
"notes": [
{
"category": "description",
"text": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Web: Bypass of security constraints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3546"
},
{
"category": "external",
"summary": "RHBZ#883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-12T17:57:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0640"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Web: Bypass of security constraints"
},
{
"cve": "CVE-2012-5885",
"discovery_date": "2012-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873664"
}
],
"notes": [
{
"category": "description",
"text": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: three DIGEST authentication implementation issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5885"
},
{
"category": "external",
"summary": "RHBZ#873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5885"
}
],
"release_date": "2012-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-12T17:57:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0640"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: three DIGEST authentication implementation issues"
},
{
"cve": "CVE-2012-5886",
"discovery_date": "2012-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873664"
}
],
"notes": [
{
"category": "description",
"text": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: three DIGEST authentication implementation issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5886"
},
{
"category": "external",
"summary": "RHBZ#873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5886",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5886"
}
],
"release_date": "2012-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-12T17:57:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0640"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: three DIGEST authentication implementation issues"
},
{
"cve": "CVE-2012-5887",
"discovery_date": "2012-11-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873664"
}
],
"notes": [
{
"category": "description",
"text": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: three DIGEST authentication implementation issues",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5887"
},
{
"category": "external",
"summary": "RHBZ#873664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5887"
}
],
"release_date": "2012-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-12T17:57:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0640"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.src",
"5Server-5.9.Z:tomcat5-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-admin-webapps-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-common-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.ppc64",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-debuginfo-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jasper-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-server-lib-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.38.el5_9.x86_64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.i386",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ia64",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.ppc",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.s390x",
"5Server-5.9.Z:tomcat5-webapps-0:5.5.23-0jpp.38.el5_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: three DIGEST authentication implementation issues"
}
]
}
RHSA-2013_0641
Vulnerability from csaf_redhat - Published: 2013-03-12 17:55 - Updated: 2024-11-22 06:14Summary
Red Hat Security Advisory: tomcat5 security update
Severity
Important
Notes
Topic: Updated tomcat5 packages that fix one security issue are now available for
JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details: Apache Tomcat is a servlet container.
It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)
Warning: Before applying the update, back up your existing JBoss Enterprise
Web Server installation (including all applications and configuration
files).
Users of Tomcat should upgrade to these updated packages, which resolve
this issue. Tomcat must be restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5.5 ()
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-1:tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat5 packages that fix one security issue are now available for\nJBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthis issue. Tomcat must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0641",
"url": "https://access.redhat.com/errata/RHSA-2013:0641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0641.json"
}
],
"title": "Red Hat Security Advisory: tomcat5 security update",
"tracking": {
"current_release_date": "2024-11-22T06:14:55+00:00",
"generator": {
"date": "2024-11-22T06:14:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0641",
"initial_release_date": "2013-03-12T17:55:00+00:00",
"revision_history": [
{
"date": "2013-03-12T17:55:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-03-12T17:57:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:14:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-eclipse@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-parent@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.33-31_patch_08.ep5.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-parent@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-eclipse@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_id": "tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.33-34_patch_08.ep5.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"product": {
"name": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"product_id": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.33-31_patch_08.ep5.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"product": {
"name": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"product_id": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.33-34_patch_08.ep5.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.src"
},
"product_reference": "tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
"product_id": "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-5.0.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.src"
},
"product_reference": "tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server",
"product_id": "6Server-JBEWS-1:tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3546",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "883634"
}
],
"notes": [
{
"category": "description",
"text": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Web: Bypass of security constraints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"6Server-JBEWS-1:tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3546"
},
{
"category": "external",
"summary": "RHBZ#883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-12T17:55:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"6Server-JBEWS-1:tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0641"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-0:5.5.33-31_patch_08.ep5.el5.src",
"5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-31_patch_08.ep5.el5.noarch",
"5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.33-31_patch_08.ep5.el5.noarch",
"6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-0:5.5.33-34_patch_08.ep5.el6.src",
"6Server-JBEWS-1:tomcat5-admin-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-common-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-eclipse-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jasper-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jsp-2.0-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-jsp-2.0-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-parent-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-server-lib-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-servlet-2.4-api-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-servlet-2.4-api-javadoc-0:5.5.33-34_patch_08.ep5.el6.noarch",
"6Server-JBEWS-1:tomcat5-webapps-0:5.5.33-34_patch_08.ep5.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Web: Bypass of security constraints"
}
]
}
RHSA-2013_0642
Vulnerability from csaf_redhat - Published: 2013-03-12 17:56 - Updated: 2024-11-22 06:14Summary
Red Hat Security Advisory: tomcat5 security update
Severity
Important
Notes
Topic: An update for the Apache Tomcat 5 component for JBoss Enterprise Web Server
1.0.2 that fixes one security issue is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details: Apache Tomcat is a servlet container.
It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)
Warning: Before applying the update, back up your existing JBoss Enterprise
Web Server installation (including all applications and configuration
files).
All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat
Customer Portal are advised to apply this update.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5.5 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 1.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:1.0.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the Apache Tomcat 5 component for JBoss Enterprise Web Server\n1.0.2 that fixes one security issue is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0642",
"url": "https://access.redhat.com/errata/RHSA-2013:0642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=1.0.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=1.0.2"
},
{
"category": "external",
"summary": "883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0642.json"
}
],
"title": "Red Hat Security Advisory: tomcat5 security update",
"tracking": {
"current_release_date": "2024-11-22T06:14:59+00:00",
"generator": {
"date": "2024-11-22T06:14:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0642",
"initial_release_date": "2013-03-12T17:56:00+00:00",
"revision_history": [
{
"date": "2013-03-12T17:56:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:46:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:14:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 1.0",
"product": {
"name": "Red Hat JBoss Web Server 1.0",
"product_id": "Red Hat JBoss Web Server 1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1.0.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3546",
"discovery_date": "2012-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "883634"
}
],
"notes": [
{
"category": "description",
"text": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Web: Bypass of security constraints",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3546"
},
{
"category": "external",
"summary": "RHBZ#883634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546"
}
],
"release_date": "2012-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-12T17:56:00+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files).\n\nTomcat must be restarted for this update to take effect.",
"product_ids": [
"Red Hat JBoss Web Server 1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0642"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Web: Bypass of security constraints"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…