Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-12615 (GCVE-0-2017-12615)
Vulnerability from cvelistv5 – Published: 2017-09-19 13:00 – Updated: 2025-10-21 23:55
VLAI?
EPSS
CISA KEV
Summary
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Severity ?
8.1 (High)
CWE
- Remote Code Execution
Assigner
References
19 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
7.0.0 to 7.0.79
|
Date Public ?
2017-09-19 00:00
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: cd55b5b8-d66d-4908-9d35-fee03a2ce3e8
Exploited: Yes
Timestamps
First Seen: 2022-03-25
Asserted: 2022-03-25
Scope
Notes: KEV entry: Apache Tomcat on Windows Remote Code Execution Vulnerability | Affected: Apache / Tomcat | Description: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12615
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-434 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Tomcat |
| Due Date | 2022-04-15 |
| Date Added | 2022-03-25 |
| Vendorproject | Apache |
| Vulnerabilityname | Apache Tomcat on Windows Remote Code Execution Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Created: 2026-02-02 12:28 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:3113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:3080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name": "1039392",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039392"
},
{
"name": "[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"name": "RHSA-2018:0465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"name": "RHSA-2017:3114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "100901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100901"
},
{
"name": "RHSA-2018:0466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "42953",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"name": "RHSA-2017:3081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-12615",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T20:59:29.584407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:34.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00.000Z",
"value": "CVE-2017-12615 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.0 to 7.0.79"
}
]
}
],
"datePublic": "2017-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:06:07.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "RHSA-2017:3113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:3080",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name": "1039392",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039392"
},
{
"name": "[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"name": "RHSA-2018:0465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"name": "RHSA-2017:3114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "100901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100901"
},
{
"name": "RHSA-2018:0466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "42953",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"name": "RHSA-2017:3081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-09-19T00:00:00",
"ID": "CVE-2017-12615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "7.0.0 to 7.0.79"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:3080",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name": "1039392",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039392"
},
{
"name": "[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html",
"refsource": "MISC",
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "100901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100901"
},
{
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "42953",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171018-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"name": "https://github.com/breaktoprotect/CVE-2017-12615",
"refsource": "MISC",
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"name": "RHSA-2017:3081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12615",
"datePublished": "2017-09-19T13:00:00.000Z",
"dateReserved": "2017-08-07T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:34.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2017-12615",
"cwes": "[\"CWE-434\"]",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"product": "Tomcat",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"vendorProject": "Apache",
"vulnerabilityName": "Apache Tomcat on Windows Remote Code Execution Vulnerability"
},
"epss": {
"cve": "CVE-2017-12615",
"date": "2026-05-22",
"epss": "0.94198",
"percentile": "0.99923"
},
"fkie_nvd": {
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apache Tomcat on Windows Remote Code Execution Vulnerability",
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.79\", \"matchCriteriaId\": \"0A3F5425-BA5F-411C-BA1D-FFC3D2EBF93D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EF6650C-558D-45C8-AE7D-136EE70CB6D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD81527-A341-42C3-9AB9-880D3DB04B08\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3A36AEE-5842-4876-9C2F-E703C981C992\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB70A2F8-EAB3-4898-9353-F679FF721C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB3AC848-C2D0-4878-8619-F5815173555D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"681173DF-537E-4A64-8FC7-75F439CCAD0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E2F2F98-DB90-43F6-8F28-3656207B6188\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08E5BFFC-F3E0-43E6-BA40-81B2A8B7CC01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F96E3779-F56A-45FF-BB3D-4980527D721E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83737173-E12E-4641-BC49-0BD84A6B29D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46DD0CA2-3786-4E97-A60C-5043FDDBCB86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55E4609A-C986-4041-A528-1B4B37E1F6F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BDD126-A468-47D9-A468-6E229D75939D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DAA8C42-870A-42B4-AE9F-7C67F4122ED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2148300C-ECBD-4ED5-A164-79629859DD43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B908AEF5-67CE-42D4-961D-C0E7ADB78ADD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F8EB695-5EA3-46D2-941E-D7F01AB99A48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BCF87FD-9358-42A5-9917-25DF0180A5A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B8B2E32-B838-4E51-BAA2-764089D2A684\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4319B943-7B19-468D-A160-5895F7F997A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8036E2AE-4E44-4FA5-AFFB-A3724BFDD654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A584AAA-A14F-4C64-8FED-675DC36F69A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9A24D0C-604D-4421-AFA6-5D541DA2E94D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A2E3637-B6A6-4DA9-8B0A-E91F22130A45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F81F859C-DA89-4D1E-91D3-A000AD646203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"418488A5-2912-406C-9337-B8E85D0C2B57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37CE1DC7-72C5-483C-8921-0B462C8284D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7431ABC1-9252-419E-8CC1-311B41360078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A70DB420-5485-4820-9F1C-3F78A6219984\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9942F96-A8C1-4281-82C5-BB9D9C50A6CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5325286E-F11D-4713-B666-5D7A4F65B326\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC6A25CB-907A-4D05-8460-A2488938A8BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\"}, {\"lang\": \"es\", \"value\": \"Cuando se ejecuta Apache Tomcat en sus versiones 7.0.0 a 7.0.79 en Windows con HTTP PUT habilitado (por ejemplo, estableciendo el par\\u00e1metro de inicializaci\\u00f3n de solo lectura del Default en \\\"false\\\") fue posible subir un archivo JSP al servidor mediante una petici\\u00f3n especialmente manipulada. Este archivo JSP podr\\u00eda ser solicitado y cualquier c\\u00f3digo que contenga podr\\u00eda ser ejecutado por el servidor.\"}]",
"id": "CVE-2017-12615",
"lastModified": "2024-11-21T03:09:53.973",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-09-19T13:29:00.190",
"references": "[{\"url\": \"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/100901\", \"source\": \"security@apache.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039392\", \"source\": \"security@apache.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3080\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3081\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3113\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3114\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0465\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0466\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/breaktoprotect/CVE-2017-12615\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171018-0001/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42953/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/100901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3080\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3114\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0465\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0466\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/breaktoprotect/CVE-2017-12615\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171018-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42953/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-12615\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-09-19T13:29:00.190\",\"lastModified\":\"2026-04-21T17:04:04.283\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\"},{\"lang\":\"es\",\"value\":\"Cuando se ejecuta Apache Tomcat en sus versiones 7.0.0 a 7.0.79 en Windows con HTTP PUT habilitado (por ejemplo, estableciendo el par\u00e1metro de inicializaci\u00f3n de solo lectura del Default en \\\"false\\\") fue posible subir un archivo JSP al servidor mediante una petici\u00f3n especialmente manipulada. Este archivo JSP podr\u00eda ser solicitado y cualquier c\u00f3digo que contenga podr\u00eda ser ejecutado por el servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apache Tomcat on Windows Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.79\",\"matchCriteriaId\":\"0A3F5425-BA5F-411C-BA1D-FFC3D2EBF93D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EF6650C-558D-45C8-AE7D-136EE70CB6D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD81527-A341-42C3-9AB9-880D3DB04B08\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A36AEE-5842-4876-9C2F-E703C981C992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB70A2F8-EAB3-4898-9353-F679FF721C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3AC848-C2D0-4878-8619-F5815173555D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"681173DF-537E-4A64-8FC7-75F439CCAD0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2F2F98-DB90-43F6-8F28-3656207B6188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E5BFFC-F3E0-43E6-BA40-81B2A8B7CC01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E3779-F56A-45FF-BB3D-4980527D721E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46DD0CA2-3786-4E97-A60C-5043FDDBCB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55E4609A-C986-4041-A528-1B4B37E1F6F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BDD126-A468-47D9-A468-6E229D75939D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DAA8C42-870A-42B4-AE9F-7C67F4122ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2148300C-ECBD-4ED5-A164-79629859DD43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B908AEF5-67CE-42D4-961D-C0E7ADB78ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8EB695-5EA3-46D2-941E-D7F01AB99A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BCF87FD-9358-42A5-9917-25DF0180A5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B8B2E32-B838-4E51-BAA2-764089D2A684\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4319B943-7B19-468D-A160-5895F7F997A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8036E2AE-4E44-4FA5-AFFB-A3724BFDD654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A584AAA-A14F-4C64-8FED-675DC36F69A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9A24D0C-604D-4421-AFA6-5D541DA2E94D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2E3637-B6A6-4DA9-8B0A-E91F22130A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81F859C-DA89-4D1E-91D3-A000AD646203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"418488A5-2912-406C-9337-B8E85D0C2B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37CE1DC7-72C5-483C-8921-0B462C8284D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70DB420-5485-4820-9F1C-3F78A6219984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9942F96-A8C1-4281-82C5-BB9D9C50A6CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5325286E-F11D-4713-B666-5D7A4F65B326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC6A25CB-907A-4D05-8460-A2488938A8BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/100901\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039392\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3080\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3081\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3113\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3114\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0465\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0466\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/breaktoprotect/CVE-2017-12615\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171018-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42953/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/100901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3080\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/breaktoprotect/CVE-2017-12615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171018-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/42953/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2017:3113\", \"name\": \"RHSA-2017:3113\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3080\", \"name\": \"RHSA-2017:3080\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1039392\", \"name\": \"1039392\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E\", \"name\": \"[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0465\", \"name\": \"RHSA-2018:0465\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3114\", \"name\": \"RHSA-2017:3114\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/100901\", \"name\": \"100901\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0466\", \"name\": \"RHSA-2018:0466\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42953/\", \"name\": \"42953\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171018-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/breaktoprotect/CVE-2017-12615\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3081\", \"name\": \"RHSA-2017:3081\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20200131 Apache Software Foundation Security Report: 2019\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T18:43:56.420Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-12615\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T20:59:29.584407Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-25T00:00:00.000Z\", \"value\": \"CVE-2017-12615 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T20:59:16.267Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0 to 7.0.79\"}]}], \"datePublic\": \"2017-09-19T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2017:3113\", \"name\": \"RHSA-2017:3113\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3080\", \"name\": \"RHSA-2017:3080\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securitytracker.com/id/1039392\", \"name\": \"1039392\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E\", \"name\": \"[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0465\", \"name\": \"RHSA-2018:0465\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3114\", \"name\": \"RHSA-2017:3114\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securityfocus.com/bid/100901\", \"name\": \"100901\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0466\", \"name\": \"RHSA-2018:0466\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.exploit-db.com/exploits/42953/\", \"name\": \"42953\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171018-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/breaktoprotect/CVE-2017-12615\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3081\", \"name\": \"RHSA-2017:3081\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20200131 Apache Software Foundation Security Report: 2019\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2020-02-13T16:06:07.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"7.0.0 to 7.0.79\"}]}, \"product_name\": \"Apache Tomcat\"}]}, \"vendor_name\": \"Apache Software Foundation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2017:3113\", \"name\": \"RHSA-2017:3113\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3080\", \"name\": \"RHSA-2017:3080\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securitytracker.com/id/1039392\", \"name\": \"1039392\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E\", \"name\": \"[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\", \"name\": \"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0465\", \"name\": \"RHSA-2018:0465\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\", \"name\": \"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3114\", \"name\": \"RHSA-2017:3114\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securityfocus.com/bid/100901\", \"name\": \"100901\", \"refsource\": \"BID\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0466\", \"name\": \"RHSA-2018:0466\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.exploit-db.com/exploits/42953/\", \"name\": \"42953\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171018-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20171018-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/breaktoprotect/CVE-2017-12615\", \"name\": \"https://github.com/breaktoprotect/CVE-2017-12615\", \"refsource\": \"MISC\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3081\", \"name\": \"RHSA-2017:3081\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20200131 Apache Software Foundation Security Report: 2019\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/\", \"refsource\": \"MLIST\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Remote Code Execution\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-12615\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@apache.org\", \"DATE_PUBLIC\": \"2017-09-19T00:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2017-12615\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:55:34.335Z\", \"dateReserved\": \"2017-08-07T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2017-09-19T13:00:00.000Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2017-AVI-314
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apache Tomcat. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apache Tomcat versions antérieures à 7.0.81
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApache Tomcat versions ant\u00e9rieures \u00e0 7.0.81\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"name": "CVE-2017-12616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12616"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12615 du 19 septembre 2017",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3cde541c4a-55b1-a4d3-4fbe-f8e3800b920f@apache.org%3e"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12616 du 19 septembre 2017",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3c16df1f59-ea31-0789-f0c8-5432c60de8fc@apache.org%3e"
}
],
"reference": "CERTFR-2017-AVI-314",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApache Tomcat\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12615 du 19 septembre 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12616 du 19 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-314
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Apache Tomcat. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apache Tomcat versions antérieures à 7.0.81
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eApache Tomcat versions ant\u00e9rieures \u00e0 7.0.81\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"name": "CVE-2017-12616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12616"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12615 du 19 septembre 2017",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3cde541c4a-55b1-a4d3-4fbe-f8e3800b920f@apache.org%3e"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12616 du 19 septembre 2017",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3c16df1f59-ea31-0789-f0c8-5432c60de8fc@apache.org%3e"
}
],
"reference": "CERTFR-2017-AVI-314",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApache Tomcat\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12615 du 19 septembre 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache CVE-2017-12616 du 19 septembre 2017",
"url": null
}
]
}
CNVD-2017-27472
Vulnerability from cnvd - Published: 2017-09-20
VLAI Severity ?
Title
Apache Tomcat远程代码执行漏洞(CNVD-2017-27472)
Description
Apache Tomcat是美国阿帕奇(Apache)软件基金会下属的Jakarta项目的一款轻量级Web应用服务器,它主要用于开发和调试JSP程序,适用于中小型系统。
Apache Tomcat 7.0.0到7.0.79版本中存在远程代码执行漏洞,当Tomcat运行在Windows主机上,且启用了 HTTP PUT 请求方法时,攻击者可通过精心构造的攻击请求向服务器上传包含任意代码的JSP文件,文件中的代码被服务器执行。
Severity
高
Patch Name
Apache Tomcat远程代码执行漏洞(CNVD-2017-27472)的补丁
Patch Description
Apache Tomcat是美国阿帕奇(Apache)软件基金会下属的Jakarta项目的一款轻量级Web应用服务器,它主要用于开发和调试JSP程序,适用于中小型系统。
Apache Tomcat 7.0.0到7.0.79版本中存在远程代码执行漏洞,当Tomcat运行在Windows主机上,且启用了 HTTP PUT 请求方法时,攻击者可通过精心构造的攻击请求向服务器上传包含任意代码的JSP文件,文件中的代码被服务器执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
升级至 Apache Tomcat 7.0.81 版本,请到厂商的主页下载: http://tomcat.apache.org/download-70.cgi#7.0.81
Reference
http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3cde541c4a-55b1-a4d3-4fbe-f8e3800b920f@apache.org%3e
Impacted products
| Name | Apache Tomcat >=7.0.0,<=7.0.79 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-12615"
}
},
"description": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u4e0b\u5c5e\u7684Jakarta\u9879\u76ee\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5f00\u53d1\u548c\u8c03\u8bd5JSP\u7a0b\u5e8f\uff0c\u9002\u7528\u4e8e\u4e2d\u5c0f\u578b\u7cfb\u7edf\u3002 \r\n\r\nApache Tomcat 7.0.0\u52307.0.79\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u5f53Tomcat\u8fd0\u884c\u5728Windows\u4e3b\u673a\u4e0a\uff0c\u4e14\u542f\u7528\u4e86 HTTP PUT \u8bf7\u6c42\u65b9\u6cd5\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u7684\u653b\u51fb\u8bf7\u6c42\u5411\u670d\u52a1\u5668\u4e0a\u4f20\u5305\u542b\u4efb\u610f\u4ee3\u7801\u7684JSP\u6587\u4ef6\uff0c\u6587\u4ef6\u4e2d\u7684\u4ee3\u7801\u88ab\u670d\u52a1\u5668\u6267\u884c\u3002",
"discovererName": "360-sg-lab (360\u89c2\u661f\u5b9e\u9a8c\u5ba4)",
"formalWay": "\u5347\u7ea7\u81f3 Apache Tomcat 7.0.81 \u7248\u672c\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://tomcat.apache.org/download-70.cgi#7.0.81",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-27472",
"openTime": "2017-09-20",
"patchDescription": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u4e0b\u5c5e\u7684Jakarta\u9879\u76ee\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5f00\u53d1\u548c\u8c03\u8bd5JSP\u7a0b\u5e8f\uff0c\u9002\u7528\u4e8e\u4e2d\u5c0f\u578b\u7cfb\u7edf\u3002 \r\n\r\nApache Tomcat 7.0.0\u52307.0.79\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u5f53Tomcat\u8fd0\u884c\u5728Windows\u4e3b\u673a\u4e0a\uff0c\u4e14\u542f\u7528\u4e86 HTTP PUT \u8bf7\u6c42\u65b9\u6cd5\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u7684\u653b\u51fb\u8bf7\u6c42\u5411\u670d\u52a1\u5668\u4e0a\u4f20\u5305\u542b\u4efb\u610f\u4ee3\u7801\u7684JSP\u6587\u4ef6\uff0c\u6587\u4ef6\u4e2d\u7684\u4ee3\u7801\u88ab\u670d\u52a1\u5668\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Tomcat\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-27472\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apache Tomcat \u003e=7.0.0\uff0c\u003c=7.0.79"
},
"referenceLink": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3cde541c4a-55b1-a4d3-4fbe-f8e3800b920f@apache.org%3e",
"serverity": "\u9ad8",
"submitTime": "2017-09-20",
"title": "Apache Tomcat\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-27472\uff09"
}
FKIE_CVE-2017-12615
Vulnerability from fkie_nvd - Published: 2017-09-19 13:29 - Updated: 2026-04-21 17:04
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
References
Impacted products
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apache Tomcat on Windows Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3F5425-BA5F-411C-BA1D-FFC3D2EBF93D",
"versionEndIncluding": "7.0.79",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A36AEE-5842-4876-9C2F-E703C981C992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB70A2F8-EAB3-4898-9353-F679FF721C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AC848-C2D0-4878-8619-F5815173555D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "681173DF-537E-4A64-8FC7-75F439CCAD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08E5BFFC-F3E0-43E6-BA40-81B2A8B7CC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46DD0CA2-3786-4E97-A60C-5043FDDBCB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "55E4609A-C986-4041-A528-1B4B37E1F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92BDD126-A468-47D9-A468-6E229D75939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAA8C42-870A-42B4-AE9F-7C67F4122ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "B908AEF5-67CE-42D4-961D-C0E7ADB78ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8EB695-5EA3-46D2-941E-D7F01AB99A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A24D0C-604D-4421-AFA6-5D541DA2E94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "3A2E3637-B6A6-4DA9-8B0A-E91F22130A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "F81F859C-DA89-4D1E-91D3-A000AD646203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "418488A5-2912-406C-9337-B8E85D0C2B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "A70DB420-5485-4820-9F1C-3F78A6219984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "D9942F96-A8C1-4281-82C5-BB9D9C50A6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "5325286E-F11D-4713-B666-5D7A4F65B326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
},
{
"lang": "es",
"value": "Cuando se ejecuta Apache Tomcat en sus versiones 7.0.0 a 7.0.79 en Windows con HTTP PUT habilitado (por ejemplo, estableciendo el par\u00e1metro de inicializaci\u00f3n de solo lectura del Default en \"false\") fue posible subir un archivo JSP al servidor mediante una petici\u00f3n especialmente manipulada. Este archivo JSP podr\u00eda ser solicitado y cualquier c\u00f3digo que contenga podr\u00eda ser ejecutado por el servidor."
}
],
"id": "CVE-2017-12615",
"lastModified": "2026-04-21T17:04:04.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2017-09-19T13:29:00.190",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit"
],
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100901"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039392"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-PJFR-QF3P-3Q25
Vulnerability from github – Published: 2018-10-17 16:30 – Updated: 2025-10-22 17:31
VLAI?
Summary
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
Details
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.79"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-12615"
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:49:21Z",
"nvd_published_at": "2017-09-19T13:29:00Z",
"severity": "HIGH"
},
"details": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"id": "GHSA-pjfr-qf3p-3q25",
"modified": "2025-10-22T17:31:15Z",
"published": "2018-10-17T16:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"type": "WEB",
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42953"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12615"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20171018-0001"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-pjfr-qf3p-3q25"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"type": "WEB",
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100901"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
"type": "CVSS_V3"
}
],
"summary": "When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server"
}
GSD-2017-12615
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-12615",
"description": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"id": "GSD-2017-12615",
"references": [
"https://www.suse.com/security/cve/CVE-2017-12615.html",
"https://access.redhat.com/errata/RHSA-2018:0466",
"https://access.redhat.com/errata/RHSA-2018:0465",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3081",
"https://access.redhat.com/errata/RHSA-2017:3080",
"https://linux.oracle.com/cve/CVE-2017-12615.html",
"https://packetstormsecurity.com/files/cve/CVE-2017-12615"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12615"
],
"details": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"id": "GSD-2017-12615",
"modified": "2023-12-13T01:21:04.099469Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2017-12615",
"dateAdded": "2022-03-25",
"dueDate": "2022-04-15",
"product": "Tomcat",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"vendorProject": "Apache",
"vulnerabilityName": "Apache Tomcat on Windows Remote Code Execution Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-09-19T00:00:00",
"ID": "CVE-2017-12615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "7.0.0 to 7.0.79"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:3080",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name": "1039392",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039392"
},
{
"name": "[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html",
"refsource": "MISC",
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "100901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100901"
},
{
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "42953",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171018-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"name": "https://github.com/breaktoprotect/CVE-2017-12615",
"refsource": "MISC",
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"name": "RHSA-2017:3081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[7.0.0,7.0.79)",
"affected_versions": "All versions starting from 7.0.0 before 7.0.79",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-434",
"CWE-78",
"CWE-937"
],
"date": "2021-09-16",
"description": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"fixed_versions": [
"7.0.79"
],
"identifier": "CVE-2017-12615",
"identifiers": [
"GHSA-pjfr-qf3p-3q25",
"CVE-2017-12615"
],
"not_impacted": "All versions before 7.0.0, all versions starting from 7.0.79",
"package_slug": "maven/org.apache.tomcat.embed/tomcat-embed-core",
"pubdate": "2018-10-17",
"solution": "Upgrade to version 7.0.79 or above.",
"title": "Unrestricted Upload of File with Dangerous Type",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"https://access.redhat.com/errata/RHSA-2017:3080",
"https://access.redhat.com/errata/RHSA-2017:3081",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2018:0465",
"https://access.redhat.com/errata/RHSA-2018:0466",
"https://github.com/advisories/GHSA-pjfr-qf3p-3q25",
"https://github.com/breaktoprotect/CVE-2017-12615",
"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E",
"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20171018-0001/",
"https://www.exploit-db.com/exploits/42953/",
"https://www.synology.com/support/security/Synology_SA_17_54_Tomcat",
"http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html",
"http://www.securityfocus.com/bid/100901",
"http://www.securitytracker.com/id/1039392"
],
"uuid": "2a2e7bcc-71bf-4a70-802e-d35eab6fc19e"
},
{
"affected_range": "[7.0,7.0.51],[7.0.54,7.0.77],[7.0.79]",
"affected_versions": "All versions starting from 7.0 up to 7.0.51, all versions starting from 7.0.54 up to 7.0.77, version 7.0.79",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-434",
"CWE-937"
],
"date": "2019-04-15",
"description": "When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"fixed_versions": [
"7.0.52",
"7.0.78",
"7.0.81"
],
"identifier": "CVE-2017-12615",
"identifiers": [
"CVE-2017-12615"
],
"not_impacted": "All versions before 7.0, all versions after 7.0.51 before 7.0.54, all versions after 7.0.77 before 7.0.79, all versions after 7.0.79",
"package_slug": "maven/org.apache.tomcat/tomcat-catalina",
"pubdate": "2017-09-19",
"solution": "Upgrade to versions 7.0.52, 7.0.78, 7.0.81 or above.",
"title": "Unrestricted Upload of File with Dangerous Type",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"http://www.securityfocus.com/bid/100901",
"http://www.securitytracker.com/id/1039392"
],
"uuid": "a8f001eb-f498-4ec7-997a-0c5cc4df7ae8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-12615"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20170919 [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload",
"refsource": "MLIST",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "1039392",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039392"
},
{
"name": "100901",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100901"
},
{
"name": "42953",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/42953/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171018-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20171018-0001/"
},
{
"name": "https://github.com/breaktoprotect/CVE-2017-12615",
"refsource": "MISC",
"tags": [],
"url": "https://github.com/breaktoprotect/CVE-2017-12615"
},
{
"name": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html",
"refsource": "MISC",
"tags": [],
"url": "http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html"
},
{
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name": "RHSA-2017:3081",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"name": "RHSA-2017:3080",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.synology.com/support/security/Synology_SA_17_54_Tomcat"
},
{
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-04-15T16:30Z",
"publishedDate": "2017-09-19T13:29Z"
}
}
}
RHSA-2017:3080
Vulnerability from csaf_redhat - Published: 2017-10-30 00:15 - Updated: 2026-05-13 01:30Summary
Red Hat Security Advisory: tomcat6 security update
Severity
Important
Notes
Topic: An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
7.5 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.
7.5 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* A vulnerability was discovered in Tomcat\u0027s handling of pipelined requests when \"Sendfile\" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3080",
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1441205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441205"
},
{
"category": "external",
"summary": "1459158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459158"
},
{
"category": "external",
"summary": "1461851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461851"
},
{
"category": "external",
"summary": "1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3080.json"
}
],
"title": "Red Hat Security Advisory: tomcat6 security update",
"tracking": {
"current_release_date": "2026-05-13T01:30:00+00:00",
"generator": {
"date": "2026-05-13T01:30:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2017:3080",
"initial_release_date": "2017-10-30T00:15:02+00:00",
"revision_history": [
{
"date": "2017-10-30T00:15:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-30T00:15:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-13T01:30:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.24-111.el6_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.24-111.el6_9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-0:6.0.24-111.el6_9.src",
"product": {
"name": "tomcat6-0:6.0.24-111.el6_9.src",
"product_id": "tomcat6-0:6.0.24-111.el6_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.24-111.el6_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.src",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
"product_id": "6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Client-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.src",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6ComputeNode-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.src",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.src",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.src",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.24-111.el6_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src"
},
"product_reference": "tomcat6-0:6.0.24-111.el6_9.src",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
"product_id": "6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"relates_to_product_reference": "6Workstation-optional-6.9.z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5647",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1441205"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat\u0027s handling of pipelined requests when \"Sendfile\" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Incorrect handling of pipelined requests when send file was used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5647"
},
{
"category": "external",
"summary": "RHBZ#1441205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5647"
}
],
"release_date": "2017-04-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:15:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"category": "workaround",
"details": "The AJP connector does not support the sendfile capability. A server configured to only use the AJP connector (disable HTTP Connector) is not affected by this vulnerability.\n\nDisable the sendfile capability by setting useSendfile=\"false\" in the HTTP connector configuration. Note: Disabling sendfile, may impact performance on large files.",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Incorrect handling of pipelined requests when send file was used"
},
{
"cve": "CVE-2017-5664",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2017-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1459158"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in the error page mechanism in Tomcat\u0027s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security constrained bypass in error page mechanism",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can be triggered for static error pages only if the readonly property for the DefaultServlet is set to false in the $CATALINA_HOME/conf/web.xml file. The default for readonly is true.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5664"
},
{
"category": "external",
"summary": "RHBZ#1459158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5664"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15"
}
],
"release_date": "2017-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:15:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"category": "workaround",
"details": "If it is necessary to have the DefaultServlet property readonly=false, use a jsp error page, for example Error404.jsp rather than a static html error page. Alternatively do not specify an error-page in the Deployment Descriptor and use a custom ErrorReportValve.",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Security constrained bypass in error page mechanism"
},
{
"cve": "CVE-2017-12615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution via JSP Upload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12615"
},
{
"category": "external",
"summary": "RHBZ#1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:15:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution via JSP Upload"
},
{
"cve": "CVE-2017-12617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1494283"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution bypass for CVE-2017-12615",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12617"
},
{
"category": "external",
"summary": "RHBZ#1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:15:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3080"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Client-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Client-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6ComputeNode-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6ComputeNode-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Server-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Server-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-0:6.0.24-111.el6_9.src",
"6Workstation-optional-6.9.z:tomcat6-admin-webapps-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-docs-webapp-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-el-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-javadoc-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-lib-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9.noarch",
"6Workstation-optional-6.9.z:tomcat6-webapps-0:6.0.24-111.el6_9.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution bypass for CVE-2017-12615"
}
]
}
RHSA-2017:3081
Vulnerability from csaf_redhat - Published: 2017-10-30 00:26 - Updated: 2026-05-13 01:30Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
* A vulnerability was discovered in Tomcat where the CORS Filter did not send a "Vary: Origin" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
7.5 (High)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was discovered in Tomcat where the CORS Filter did not send a "Vary: Origin" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches.
5.9 (Medium)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* A vulnerability was discovered in Tomcat\u0027s handling of pipelined requests when \"Sendfile\" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)\n\n* A vulnerability was discovered in Tomcat where the CORS Filter did not send a \"Vary: Origin\" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3081",
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1441205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441205"
},
{
"category": "external",
"summary": "1480618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480618"
},
{
"category": "external",
"summary": "1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3081.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-13T01:30:00+00:00",
"generator": {
"date": "2026-05-13T01:30:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2017:3081",
"initial_release_date": "2017-10-30T00:26:54+00:00",
"revision_history": [
{
"date": "2017-10-30T00:26:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-10-30T00:26:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-13T01:30:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-0:7.0.76-3.el7_4.src",
"product": {
"name": "tomcat-0:7.0.76-3.el7_4.src",
"product_id": "tomcat-0:7.0.76-3.el7_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.76-3.el7_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-javadoc@7.0.76-3.el7_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"product": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"product_id": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsvc@7.0.76-3.el7_4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Client-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Server-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.76-3.el7_4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src"
},
"product_reference": "tomcat-0:7.0.76-3.el7_4.src",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-lib-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.76-3.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"relates_to_product_reference": "7Workstation-optional-7.4.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5647",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2017-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1441205"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat\u0027s handling of pipelined requests when \"Sendfile\" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Incorrect handling of pipelined requests when send file was used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5647"
},
{
"category": "external",
"summary": "RHBZ#1441205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5647"
}
],
"release_date": "2017-04-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"category": "workaround",
"details": "The AJP connector does not support the sendfile capability. A server configured to only use the AJP connector (disable HTTP Connector) is not affected by this vulnerability.\n\nDisable the sendfile capability by setting useSendfile=\"false\" in the HTTP connector configuration. Note: Disabling sendfile, may impact performance on large files.",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Incorrect handling of pipelined requests when send file was used"
},
{
"cve": "CVE-2017-7674",
"discovery_date": "2017-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1480618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where the CORS Filter did not send a \"Vary: Origin\" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Vary header not added by CORS filter leading to cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7674"
},
{
"category": "external",
"summary": "RHBZ#1480618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7674"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
}
],
"release_date": "2017-08-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Vary header not added by CORS filter leading to cache poisoning"
},
{
"cve": "CVE-2017-12615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution via JSP Upload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12615"
},
{
"category": "external",
"summary": "RHBZ#1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution via JSP Upload"
},
{
"cve": "CVE-2017-12617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1494283"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution bypass for CVE-2017-12615",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12617"
},
{
"category": "external",
"summary": "RHBZ#1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-10-30T00:26:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Client-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Client-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7ComputeNode-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7ComputeNode-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Server-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Server-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-0:7.0.76-3.el7_4.src",
"7Workstation-optional-7.4.Z:tomcat-admin-webapps-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-docs-webapp-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-el-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-javadoc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsp-2.2-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-jsvc-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-lib-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-servlet-3.0-api-0:7.0.76-3.el7_4.noarch",
"7Workstation-optional-7.4.Z:tomcat-webapps-0:7.0.76-3.el7_4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution bypass for CVE-2017-12615"
}
]
}
RHSA-2017:3113
Vulnerability from csaf_redhat - Published: 2017-11-02 19:15 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
7.5 (High)
Affected products
Fixed
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.
4.8 (Medium)
Affected products
Fixed
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
5.9 (Medium)
Affected products
Fixed
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
99 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
40 references
Acknowledgments
OpenVPN
Inria
Karthikeyan Bhargavan
Gaëtan Leurent
Hanno Böck
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3113",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3227901",
"url": "https://access.redhat.com/articles/3227901"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1493075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493075"
},
{
"category": "external",
"summary": "1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3113.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update",
"tracking": {
"current_release_date": "2026-05-14T22:23:49+00:00",
"generator": {
"date": "2026-05-14T22:23:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:3113",
"initial_release_date": "2017-11-02T19:15:44+00:00",
"revision_history": [
{
"date": "2017-11-02T19:15:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-02T19:15:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product_id": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product_id": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product_id": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "httpd-0:2.2.26-57.ep6.el6.src",
"product": {
"name": "httpd-0:2.2.26-57.ep6.el6.src",
"product_id": "httpd-0:2.2.26-57.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "httpd22-0:2.2.26-58.ep6.el7.src",
"product": {
"name": "httpd22-0:2.2.26-58.ep6.el7.src",
"product_id": "httpd22-0:2.2.26-58.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-maven-devel@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_id": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.41-19_patch_04.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-28_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-maven-devel@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_id": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.41-19_patch_04.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-28_patch_05.ep6.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.i386",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64"
},
"product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64"
},
"product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64"
},
"product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64"
},
"product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src"
},
"product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src"
},
"product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution via JSP Upload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12615"
},
{
"category": "external",
"summary": "RHBZ#1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution via JSP Upload"
},
{
"cve": "CVE-2017-12617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1494283"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution bypass for CVE-2017-12615",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12617"
},
{
"category": "external",
"summary": "RHBZ#1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:15:44+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src",
"6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src",
"6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686",
"6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src",
"6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386",
"6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386",
"6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src",
"7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src",
"7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src",
"7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src",
"7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution bypass for CVE-2017-12615"
}
]
}
RHSA-2017:3114
Vulnerability from csaf_redhat - Published: 2017-11-02 19:04 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Users of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Böck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
* The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
42 references
Acknowledgments
OpenVPN
Inria
Karthikeyan Bhargavan
Gaëtan Leurent
Hanno Böck
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n* The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3114",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.1.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.1.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3227901",
"url": "https://access.redhat.com/articles/3227901"
},
{
"category": "external",
"summary": "1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "1493075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493075"
},
{
"category": "external",
"summary": "1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "1497953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1497953"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3114.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update",
"tracking": {
"current_release_date": "2026-05-14T22:23:48+00:00",
"generator": {
"date": "2026-05-14T22:23:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:3114",
"initial_release_date": "2017-11-02T19:04:48+00:00",
"revision_history": [
{
"date": "2017-11-02T19:04:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-02T19:04:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.1",
"product": {
"name": "Red Hat JBoss Web Server 2.1",
"product_id": "Red Hat JBoss Web Server 2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenVPN"
]
},
{
"names": [
"Karthikeyan Bhargavan",
"Ga\u00ebtan Leurent"
],
"organization": "Inria",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2016-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1369383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2183"
},
{
"category": "external",
"summary": "RHBZ#1369383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2548661",
"url": "https://access.redhat.com/articles/2548661"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2016:1940",
"url": "https://access.redhat.com/errata/RHSA-2016:1940"
},
{
"category": "external",
"summary": "https://sweet32.info/",
"url": "https://sweet32.info/"
}
],
"release_date": "2016-08-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
},
{
"cve": "CVE-2017-9788",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2017-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1470748"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Uninitialized memory reflection in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9788"
},
{
"category": "external",
"summary": "RHBZ#1470748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
}
],
"release_date": "2017-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "httpd: Uninitialized memory reflection in mod_auth_digest"
},
{
"acknowledgments": [
{
"names": [
"Hanno B\u00f6ck"
]
}
],
"cve": "CVE-2017-9798",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1490344"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9798"
},
{
"category": "external",
"summary": "RHBZ#1490344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798"
},
{
"category": "external",
"summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
}
],
"release_date": "2017-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)"
},
{
"cve": "CVE-2017-12615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493220"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution via JSP Upload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12615"
},
{
"category": "external",
"summary": "RHBZ#1493220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution via JSP Upload"
},
{
"cve": "CVE-2017-12617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1494283"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote Code Execution bypass for CVE-2017-12615",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12617"
},
{
"category": "external",
"summary": "RHBZ#1494283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html",
"url": "https://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2017-09-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T19:04:48+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"category": "workaround",
"details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote Code Execution bypass for CVE-2017-12615"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…