Vulnerability-Lookup

CVE-2020-1938 (GCVE-0-2020-1938)

Vulnerability from cvelistv5 – Published: 2020-02-24 21:19 – Updated: 2025-10-21 23:35

CISA KEVIntel

Summary

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

AJP Request Injection leading to possible Remote Code Execution
CWE-noinfo Not enough information

Assigner

apache

References

52 references

URL	Tags
https://lists.apache.org/thread.html/r7c6f492fbd3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r856cdd87eda…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r75113652e46…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd0774c95699…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r74328b178f9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rce2af55f6e1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rad36ec6a1ff…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb2fc890bef2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r38a5b7943b9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r17aaa3a05b5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd50baccd1bb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4afa11e0464…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r772335e6851…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re5eecbe5bf9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5e2f1201b92…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r549b43509e3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r61f280a7690…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4f86cb26019…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9f119d9ce92…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r089dc67c035…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbdb1d2b651a…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.apache.org/thread.html/rc068e824654…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf26663f42e7…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202003-43	vendor-advisoryx_refsource_GENTOO
https://lists.apache.org/thread.html/rcd5cd301e9e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf992c5adf37…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6a5633cad1b…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/r43faacf6457…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://www.debian.org/security/2020/dsa-4673	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2020/dsa-4680	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb1c0fb105ce…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra7092f74925…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8f748458945…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020022…	x_refsource_CONFIRM
http://support.blackberry.com/kb/articleDetail?ar…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r92d78655c06…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://lists.apache.org/thread.html/r57f5e4ced43…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r47caef01f66…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r90890afea72…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1125f3044a0…	mailing-listx_refsource_MLIST
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

1 product

Vendor	Product	Version
Apache	Apache Tomcat	Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.30 Affected: 8.5.0 to 8.5.50 Affected: 7.0.0 to 7.0.99

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 04e71227-7785-4ca5-858e-b6d42845f8de

Vulnerability ID: CVE-2020-1938

Status: Confirmed

Status Updated: 2022-03-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-03-03

Asserted: 2022-03-03

Scope

Notes: KEV entry: Apache Tomcat Improper Privilege Management Vulnerability | Affected: Apache / Tomcat | Description: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1938

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Tomcat
Due Date	2022-03-17
Date Added	2022-03-03
Vendorproject	Apache
Vulnerabilityname	Apache Tomcat Improper Privilege Management Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2020-1938

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-06 07:17 UTC

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: a449813f-5779-49d0-9c1b-7ca22eb81fcf

Vulnerability ID: CVE-2020-1938

Status: Confirmed

Status Updated: 2022-03-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-03-03

Asserted: 2022-03-03

Scope

Notes: KEVIntel entry: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections... | Affected: Apache / Apache Tomcat | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections...
Vendor	Apache
Product	Apache Tomcat
Added Date	2022-03-03T00:00:00.000Z
Cvss Score	9.8
Epss Score	None
Cvss Severity	CRITICAL
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-19 12:47 UTC | Updated: 2026-06-19 12:47 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200304 Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
          },
          {
            "name": "[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200309 [Bug 64206] Answer file not being used",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
          },
          {
            "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E"
          },
          {
            "name": "GLSA-202003-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-43"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "FEDORA-2020-0e42878ba7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"
          },
          {
            "name": "FEDORA-2020-c870aa8378",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"
          },
          {
            "name": "FEDORA-2020-04ac174fa9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"
          },
          {
            "name": "[tomcat-users] 20200413 RE: Alternatives for AJP",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:0597",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"
          },
          {
            "name": "DSA-4673",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4673"
          },
          {
            "name": "DSA-4680",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4680"
          },
          {
            "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
          },
          {
            "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200226-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"
          },
          {
            "name": "[tomee-users] 20200723 Re: TomEE on Docker",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-1938",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T21:05:38.047118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:50.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2020-1938 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 9.0.0.M1 to 9.0.0.30"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.50"
            },
            {
              "status": "affected",
              "version": "7.0.0 to 7.0.99"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "AJP Request Injection leading to possible Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T03:06:28.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200304 Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
        },
        {
          "name": "[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200309 [Bug 64206] Answer file not being used",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
        },
        {
          "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E"
        },
        {
          "name": "GLSA-202003-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-43"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "FEDORA-2020-0e42878ba7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"
        },
        {
          "name": "FEDORA-2020-c870aa8378",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"
        },
        {
          "name": "FEDORA-2020-04ac174fa9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"
        },
        {
          "name": "[tomcat-users] 20200413 RE: Alternatives for AJP",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:0597",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"
        },
        {
          "name": "DSA-4673",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4673"
        },
        {
          "name": "DSA-4680",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4680"
        },
        {
          "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
        },
        {
          "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200226-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"
        },
        {
          "name": "[tomee-users] 20200723 Re: TomEE on Docker",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.0.30"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.50"
                          },
                          {
                            "version_value": "7.0.0 to 7.0.99"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "AJP Request Injection leading to possible Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200304 Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
            },
            {
              "name": "[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200309 [Bug 64206] Answer file not being used",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
            },
            {
              "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E"
            },
            {
              "name": "GLSA-202003-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-43"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "FEDORA-2020-0e42878ba7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/"
            },
            {
              "name": "FEDORA-2020-c870aa8378",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/"
            },
            {
              "name": "FEDORA-2020-04ac174fa9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/"
            },
            {
              "name": "[tomcat-users] 20200413 RE: Alternatives for AJP",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0597",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"
            },
            {
              "name": "DSA-4673",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4673"
            },
            {
              "name": "DSA-4680",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4680"
            },
            {
              "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
            },
            {
              "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200226-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200226-0002/"
            },
            {
              "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739",
              "refsource": "CONFIRM",
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000062739"
            },
            {
              "name": "[tomee-users] 20200723 Re: TomEE on Docker",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1938",
    "datePublished": "2020-02-24T21:19:18.000Z",
    "dateReserved": "2019-12-02T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:50.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-1938",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-17",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
      "product": "Tomcat",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache Tomcat Improper Privilege Management Vulnerability"
    },
    "epss": {
      "cve": "CVE-2020-1938",
      "date": "2026-06-22",
      "epss": "0.9927",
      "percentile": "0.99931"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-03-17",
      "cisaExploitAdd": "2022-03-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Apache Tomcat Improper Privilege Management Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DD32C20-8B17-4197-9943-B8293D1C3BED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndIncluding\": \"7.0.99\", \"matchCriteriaId\": \"2EC441A9-309B-4478-A60C-AD9EE2E31C53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.5.0\", \"versionEndIncluding\": \"8.5.50\", \"matchCriteriaId\": \"0CE458D0-7BED-406E-AEDC-0A74D5B2245B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndIncluding\": \"9.0.30\", \"matchCriteriaId\": \"255568C5-7907-4C8C-BD1A-8F1F6061CE17\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED43772F-D280-42F6-A292-7198284D6FE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C57FD3A-0CC1-4BA9-879A-8C4A40234162\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"698FB6D0-B26F-4760-9B9B-1C65FBFF2126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DB23B9A-571E-4B77-B432-23F3DC9B67D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5F58398-0001-42FE-BD17-44F924955C3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"456AE11C-DD5B-4EA9-AA93-AAFC988830EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3DC116-2844-47A1-BEC2-D0675DD97148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.1\", \"versionEndIncluding\": \"17.3\", \"matchCriteriaId\": \"9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.0.12\", \"matchCriteriaId\": \"9A3BBE71-CA00-4F54-9210-FC7572C87CFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.20\", \"matchCriteriaId\": \"73573516-EDA0-4176-A3ED-2F7006C87F8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20.5\", \"matchCriteriaId\": \"F510ED6D-7BF8-4548-BF0F-3CF926EB135E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A58642E0-CA59-4DE6-A83C-F551FC621C32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD848FE1-CFD7-490C-B008-DF3B30F3256F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"630C8E99-FE49-486E-9003-40B82809B7A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C842DE9E-5E12-4295-AFA5-DEB5FEDE490A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackberry:good_control:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.58.38\", \"matchCriteriaId\": \"F028AAEB-7536-4E9C-A2F6-0161191BEEF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackberry:workspaces_server:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8A0865-A3C5-40FB-86C1-DFD9BABC1D16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackberry:workspaces_server:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D669A2CD-0BE2-4B90-BF94-58D69512FE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackberry:workspaces_server:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"284BD023-C583-4BA8-8EA9-7A153DCD45DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackberry:workspaces_server:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"834C9378-9BE8-4250-BCF0-43780F6A1EF7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EF46487-B64A-454E-AECC-D74B83170ACD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.1.3\", \"matchCriteriaId\": \"34B80C9D-62AA-42FA-AB46-F8A414FCBE5E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\"}, {\"lang\": \"es\", \"value\": \"Cuando se usa el Apache JServ Protocol (AJP), se debe tener cuidado cuando se conf\\u00eda en las conexiones entrantes a Apache Tomcat. Tomcat trata las conexiones de AJP como teni\\u00e9ndoles la mayor confianza que, por ejemplo, una conexi\\u00f3n HTTP similar. Si tales conexiones est\\u00e1n disponibles para un atacante, pueden ser explotadas de manera sorprendente. En Apache Tomcat versiones 9.0.0.M1 hasta 9.0.0.30, versiones 8.5.0 hasta 8.5.50 y versiones 7.0.0 hasta 7.0.99, Tomcat se envi\\u00f3 con un conector de AJP habilitado por defecto que escuchaba sobre todas las direcciones IP configuradas. Se esperaba (y se recomienda en la gu\\u00eda de seguridad) que este conector sea deshabilitado si no es requerido. Este reporte de vulnerabilidad identific\\u00f3 un mecanismo que permit\\u00eda: - devolver archivos arbitrarios desde cualquier lugar de la aplicaci\\u00f3n web - procesar cualquier archivo en la aplicaci\\u00f3n web como JSP. Adem\\u00e1s, si la aplicaci\\u00f3n web permit\\u00eda cargar archivos y almacenarlos dentro de la aplicaci\\u00f3n web (o el atacante fue capaz de controlar el contenido de la aplicaci\\u00f3n web por otros medios) y esto, junto con la capacidad de procesar un archivo como JSP, hizo posible una ejecuci\\u00f3n de c\\u00f3digo remota. Es importante notar que la mitigaci\\u00f3n solo es requerida si un puerto AJP es accesible por usuarios no confiables. Los usuarios que deseen adoptar un enfoque de defensa en profundidad y bloquear el vector que permite la devoluci\\u00f3n de archivos arbitrarios y una ejecuci\\u00f3n como JSP pueden actualizar a Apache Tomcat versiones 9.0.31, 8.5.51 o 7.0.100 o posterior. Se realizaron un n\\u00famero de cambios en la configuraci\\u00f3n predeterminada del conector AJP en la versi\\u00f3n 9.0.31 para fortalecer la configuraci\\u00f3n predeterminada. Es probable que los usuarios que actualicen a versiones 9.0.31, 8.5.51 o 7.0.100 o posterior necesitar\\u00e1n llevar a cabo peque\\u00f1os cambios en sus configuraciones.\"}]",
      "id": "CVE-2020-1938",
      "lastModified": "2024-11-21T05:11:39.277",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-24T22:15:12.057",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\", \"source\": \"security@apache.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\", \"source\": \"security@apache.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\", \"source\": \"security@apache.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-43\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200226-0002/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4673\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4680\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-43\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200226-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4673\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4680\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1938\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-02-24T22:15:12.057\",\"lastModified\":\"2025-10-27T17:37:12.387\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\"},{\"lang\":\"es\",\"value\":\"Cuando se usa el Apache JServ Protocol (AJP), se debe tener cuidado cuando se conf\u00eda en las conexiones entrantes a Apache Tomcat. Tomcat trata las conexiones de AJP como teni\u00e9ndoles la mayor confianza que, por ejemplo, una conexi\u00f3n HTTP similar. Si tales conexiones est\u00e1n disponibles para un atacante, pueden ser explotadas de manera sorprendente. En Apache Tomcat versiones 9.0.0.M1 hasta 9.0.0.30, versiones 8.5.0 hasta 8.5.50 y versiones 7.0.0 hasta 7.0.99, Tomcat se envi\u00f3 con un conector de AJP habilitado por defecto que escuchaba sobre todas las direcciones IP configuradas. Se esperaba (y se recomienda en la gu\u00eda de seguridad) que este conector sea deshabilitado si no es requerido. Este reporte de vulnerabilidad identific\u00f3 un mecanismo que permit\u00eda: - devolver archivos arbitrarios desde cualquier lugar de la aplicaci\u00f3n web - procesar cualquier archivo en la aplicaci\u00f3n web como JSP. Adem\u00e1s, si la aplicaci\u00f3n web permit\u00eda cargar archivos y almacenarlos dentro de la aplicaci\u00f3n web (o el atacante fue capaz de controlar el contenido de la aplicaci\u00f3n web por otros medios) y esto, junto con la capacidad de procesar un archivo como JSP, hizo posible una ejecuci\u00f3n de c\u00f3digo remota. Es importante notar que la mitigaci\u00f3n solo es requerida si un puerto AJP es accesible por usuarios no confiables. Los usuarios que deseen adoptar un enfoque de defensa en profundidad y bloquear el vector que permite la devoluci\u00f3n de archivos arbitrarios y una ejecuci\u00f3n como JSP pueden actualizar a Apache Tomcat versiones 9.0.31, 8.5.51 o 7.0.100 o posterior. Se realizaron un n\u00famero de cambios en la configuraci\u00f3n predeterminada del conector AJP en la versi\u00f3n 9.0.31 para fortalecer la configuraci\u00f3n predeterminada. Es probable que los usuarios que actualicen a versiones 9.0.31, 8.5.51 o 7.0.100 o posterior necesitar\u00e1n llevar a cabo peque\u00f1os cambios en sus configuraciones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-03\",\"cisaActionDue\":\"2022-03-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apache Tomcat Improper Privilege Management Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DD32C20-8B17-4197-9943-B8293D1C3BED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.100\",\"matchCriteriaId\":\"E7D96045-5A8B-46DD-9F3B-F383F95597E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndExcluding\":\"8.5.51\",\"matchCriteriaId\":\"DE0EA2B0-2CDD-4F86-AE16-63C774803783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.31\",\"matchCriteriaId\":\"50EFBDF6-932E-40DD-9229-5A9C239CC011\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED43772F-D280-42F6-A292-7198284D6FE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C57FD3A-0CC1-4BA9-879A-8C4A40234162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"698FB6D0-B26F-4760-9B9B-1C65FBFF2126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DB23B9A-571E-4B77-B432-23F3DC9B67D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5F58398-0001-42FE-BD17-44F924955C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"456AE11C-DD5B-4EA9-AA93-AAFC988830EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1\",\"versionEndIncluding\":\"17.3\",\"matchCriteriaId\":\"9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.12\",\"matchCriteriaId\":\"9A3BBE71-CA00-4F54-9210-FC7572C87CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.20\",\"matchCriteriaId\":\"73573516-EDA0-4176-A3ED-2F7006C87F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20.5\",\"matchCriteriaId\":\"F510ED6D-7BF8-4548-BF0F-3CF926EB135E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58642E0-CA59-4DE6-A83C-F551FC621C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD848FE1-CFD7-490C-B008-DF3B30F3256F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"630C8E99-FE49-486E-9003-40B82809B7A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C842DE9E-5E12-4295-AFA5-DEB5FEDE490A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:good_control:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.58.38\",\"matchCriteriaId\":\"F028AAEB-7536-4E9C-A2F6-0161191BEEF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8A0865-A3C5-40FB-86C1-DFD9BABC1D16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D669A2CD-0BE2-4B90-BF94-58D69512FE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"284BD023-C583-4BA8-8EA9-7A153DCD45DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:workspaces_server:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834C9378-9BE8-4250-BCF0-43780F6A1EF7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF46487-B64A-454E-AECC-D74B83170ACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.1.3\",\"matchCriteriaId\":\"34B80C9D-62AA-42FA-AB46-F8A414FCBE5E\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-43\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200226-0002/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4673\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4680\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200226-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4673\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\", \"name\": \"[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200304 Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\", \"name\": \"[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200309 [Bug 64206] Answer file not being used\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\", \"name\": \"openSUSE-SU-2020:0345\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E\", \"name\": \"[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-43\", \"name\": \"GLSA-202003-43\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\", \"name\": \"FEDORA-2020-0e42878ba7\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\", \"name\": \"FEDORA-2020-c870aa8378\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\", \"name\": \"FEDORA-2020-04ac174fa9\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200413 RE: Alternatives for AJP\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\", \"name\": \"openSUSE-SU-2020:0597\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4673\", \"name\": \"DSA-4673\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4680\", \"name\": \"DSA-4680\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\", \"name\": \"[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200226-0002/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E\", \"name\": \"[tomee-users] 20200723 Re: TomEE on Docker\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20210125 Apache Software Foundation Security Report: 2020\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20210223 Re: Apache Software Foundation Security Report: 2020\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T06:54:00.412Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-1938\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T21:05:38.047118Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2020-1938 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T21:05:29.094Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apache\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"Apache Tomcat 9.0.0.M1 to 9.0.0.30\"}, {\"status\": \"affected\", \"version\": \"8.5.0 to 8.5.50\"}, {\"status\": \"affected\", \"version\": \"7.0.0 to 7.0.99\"}]}], \"references\": [{\"url\": \"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\", \"name\": \"[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200304 Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\", \"name\": \"[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200309 [Bug 64206] Answer file not being used\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\", \"name\": \"openSUSE-SU-2020:0345\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E\", \"name\": \"[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-43\", \"name\": \"GLSA-202003-43\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\", \"name\": \"FEDORA-2020-0e42878ba7\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\", \"name\": \"FEDORA-2020-c870aa8378\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\", \"name\": \"FEDORA-2020-04ac174fa9\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200413 RE: Alternatives for AJP\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\", \"name\": \"openSUSE-SU-2020:0597\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4673\", \"name\": \"DSA-4673\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4680\", \"name\": \"DSA-4680\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\", \"name\": \"[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200226-0002/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E\", \"name\": \"[tomee-users] 20200723 Re: TomEE on Docker\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20210125 Apache Software Foundation Security Report: 2020\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20210223 Re: Apache Software Foundation Security Report: 2020\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"AJP Request Injection leading to possible Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2021-02-24T03:06:28.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Apache Tomcat 9.0.0.M1 to 9.0.0.30\"}, {\"version_value\": \"8.5.0 to 8.5.50\"}, {\"version_value\": \"7.0.0 to 7.0.99\"}]}, \"product_name\": \"Apache Tomcat\"}]}, \"vendor_name\": \"Apache\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E\", \"name\": \"[tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200304 Re: Fix for CVE-2020-1938\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html\", \"name\": \"[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200309 [Bug 64206] Answer file not being used\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html\", \"name\": \"openSUSE-SU-2020:0345\", \"refsource\": \"SUSE\"}, {\"url\": \"https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3E\", \"name\": \"[httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat\", \"refsource\": \"MLIST\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-43\", \"name\": \"GLSA-202003-43\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/\", \"name\": \"FEDORA-2020-0e42878ba7\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/\", \"name\": \"FEDORA-2020-c870aa8378\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/\", \"name\": \"FEDORA-2020-04ac174fa9\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3E\", \"name\": \"[tomcat-users] 20200413 RE: Alternatives for AJP\", \"refsource\": \"MLIST\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html\", \"name\": \"openSUSE-SU-2020:0597\", \"refsource\": \"SUSE\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4673\", \"name\": \"DSA-4673\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4680\", \"name\": \"DSA-4680\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html\", \"name\": \"[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E\", \"name\": \"[ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200226-0002/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200226-0002/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\", \"name\": \"http://support.blackberry.com/kb/articleDetail?articleNumber=000062739\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a@%3Cusers.tomee.apache.org%3E\", \"name\": \"[tomee-users] 20200723 Re: TomEE on Docker\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97@%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda@%3Ccommits.tomee.apache.org%3E\", \"name\": \"[tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujan2021.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20210125 Apache Software Foundation Security Report: 2020\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E\", \"name\": \"[announce] 20210223 Re: Apache Software Foundation Security Report: 2020\", \"refsource\": \"MLIST\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"AJP Request Injection leading to possible Remote Code Execution\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-1938\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@apache.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-1938\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:50.835Z\", \"dateReserved\": \"2019-12-02T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2020-02-24T21:19:18.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2020:0861

Vulnerability from csaf_redhat - Published: 2020-03-17 13:13 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 8 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: session fixation (CVE-2019-17563) * tomcat: local privilege escalation (CVE-2019-12418) * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * tomcat: XSS in SSI printenv (CVE-2019-0221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

5.0 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2019-12418

A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance.

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2019-17563

It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-384 - Session Fixation

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-1938

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

38 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:0861	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1713275	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785699	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785711	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-0221	self
https://bugzilla.redhat.com/show_bug.cgi?id=1713275	external
https://www.cve.org/CVERecord?id=CVE-2019-0221	external
https://nvd.nist.gov/vuln/detail/CVE-2019-0221	external
https://access.redhat.com/security/cve/CVE-2019-12418	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785699	external
https://www.cve.org/CVERecord?id=CVE-2019-12418	external
https://nvd.nist.gov/vuln/detail/CVE-2019-12418	external
http://mail-archives.apache.org/mod_mbox/tomcat-u…	external
http://tomcat.apache.org/security-8.html#Fixed_in…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2019-17563	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785711	external
https://www.cve.org/CVERecord?id=CVE-2019-17563	external
https://nvd.nist.gov/vuln/detail/CVE-2019-17563	external
http://mail-archives.apache.org/mod_mbox/www-anno…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7.\n\nRed Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: session fixation (CVE-2019-17563)\n\n* tomcat: local privilege escalation (CVE-2019-12418)\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:0861",
        "url": "https://access.redhat.com/errata/RHSA-2020:0861"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index"
      },
      {
        "category": "external",
        "summary": "1713275",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
      },
      {
        "category": "external",
        "summary": "1785699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
      },
      {
        "category": "external",
        "summary": "1785711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0861.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 8 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:05+00:00",
      "generator": {
        "date": "2026-05-14T22:25:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:0861",
      "initial_release_date": "2020-03-17T13:13:57+00:00",
      "revision_history": [
        {
          "date": "2020-03-17T13:13:57+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-03-17T13:13:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 3.1 for RHEL 7",
                "product": {
                  "name": "Red Hat JBoss Web Server 3.1 for RHEL 7",
                  "product_id": "7Server-JWS-3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 3.1 for RHEL 6",
                "product": {
                  "name": "Red Hat JBoss Web Server 3.1 for RHEL 6",
                  "product_id": "6Server-JWS-3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
                "product": {
                  "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
                  "product_id": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-21.redhat_21.ep7.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
                "product": {
                  "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
                  "product_id": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.23-21.redhat_21.ep7.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
                "product": {
                  "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
                  "product_id": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-21.redhat_21.ep7.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
                "product": {
                  "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
                  "product_id": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.23-21.redhat_21.ep7.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
                "product": {
                  "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
                  "product_id": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-21.redhat_21.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-0:8.0.36-42.ep7.el7.src",
                "product": {
                  "name": "tomcat8-0:8.0.36-42.ep7.el7.src",
                  "product_id": "tomcat8-0:8.0.36-42.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8@8.0.36-42.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-0:7.0.70-38.ep7.el7.src",
                "product": {
                  "name": "tomcat7-0:7.0.70-38.ep7.el7.src",
                  "product_id": "tomcat7-0:7.0.70-38.ep7.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7@7.0.70-38.ep7.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
                "product": {
                  "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
                  "product_id": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-21.redhat_21.ep7.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-0:8.0.36-42.ep7.el6.src",
                "product": {
                  "name": "tomcat8-0:8.0.36-42.ep7.el6.src",
                  "product_id": "tomcat8-0:8.0.36-42.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8@8.0.36-42.ep7.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-0:7.0.70-38.ep7.el6.src",
                "product": {
                  "name": "tomcat7-0:7.0.70-38.ep7.el6.src",
                  "product_id": "tomcat7-0:7.0.70-38.ep7.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7@7.0.70-38.ep7.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat8-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch",
                "product": {
                  "name": "tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch",
                  "product_id": "tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-42.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
                "product": {
                  "name": "tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
                  "product_id": "tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-38.ep7.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
                "product": {
                  "name": "tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
                  "product_id": "tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-42.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
                "product": {
                  "name": "tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
                  "product_id": "tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-38.ep7.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
                "product": {
                  "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
                  "product_id": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-21.redhat_21.ep7.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
                "product": {
                  "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
                  "product_id": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.23-21.redhat_21.ep7.el6?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686"
        },
        "product_reference": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src"
        },
        "product_reference": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64"
        },
        "product_reference": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686"
        },
        "product_reference": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64"
        },
        "product_reference": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-0:7.0.70-38.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src"
        },
        "product_reference": "tomcat7-0:7.0.70-38.ep7.el6.src",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-lib-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch"
        },
        "product_reference": "tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-0:8.0.36-42.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src"
        },
        "product_reference": "tomcat8-0:8.0.36-42.ep7.el6.src",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-lib-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
          "product_id": "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch"
        },
        "product_reference": "tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
        "relates_to_product_reference": "6Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src"
        },
        "product_reference": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64"
        },
        "product_reference": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64"
        },
        "product_reference": "tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-0:7.0.70-38.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src"
        },
        "product_reference": "tomcat7-0:7.0.70-38.ep7.el7.src",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-lib-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch"
        },
        "product_reference": "tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-0:8.0.36-42.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src"
        },
        "product_reference": "tomcat8-0:8.0.36-42.ep7.el7.src",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-lib-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
          "product_id": "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
        },
        "product_reference": "tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch",
        "relates_to_product_reference": "7Server-JWS-3.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-0221",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1713275"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: XSS in SSI printenv",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
          "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
          "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
          "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
          "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0221"
        },
        {
          "category": "external",
          "summary": "RHBZ#1713275",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
        }
      ],
      "release_date": "2019-04-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-03-17T13:13:57+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0861"
        },
        {
          "category": "workaround",
          "details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: XSS in SSI printenv"
    },
    {
      "cve": "CVE-2019-12418",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785699"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of tomcat as shipped with Red Hat Enterprise Linux 5, as they did not include JMX Remote Lifecycle Listener, which was introduced in a later version of the package.\n\npki-servlet-engine has been obsoleted by Tomcat in Red Hat Enterprise Linux 8.9 and later. Therefore no additional fixes would be made available for the servlet engine.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
          "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
          "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
          "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
          "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785699",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-03-17T13:13:57+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0861"
        },
        {
          "category": "workaround",
          "details": "Disable JMX Remote if monitoring is only needed locally and there is no need to monitor Tomcat remotely. If JMX Remote is required and cannot be disabled, then use the built-in remote JMX facilities provided by the JVM.\nPlease note that JMX Remote Lifecycle Listener is now deprecated and may be removed from both Tomcat 7 [1] and Tomcat 9 [2] after 2020-12-31.\n\n[1] https://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Deprecated_Implementations\n[2] https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#Deprecated_Implementations",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: local privilege escalation"
    },
    {
      "cve": "CVE-2019-17563",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785711"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that tomcat\u0027s FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products providing the affected component code should update their setups per the product fixes given.\n\nThe following Red Hat products are out of support scope for Low Impact flaws, and as such will not issue security fixes:\nRed Hat Enterprise Linux 5\nRed Hat Enterprise Linux 6\nRed Hat JBoss BPM Suite 6\nRed Hat JBoss BRMS 6",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
          "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
          "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
          "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
          "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785711",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50"
        }
      ],
      "release_date": "2019-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-03-17T13:13:57+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0861"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Session fixation when using FORM authentication"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
          "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
          "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
          "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
          "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
          "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
          "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
          "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
          "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
          "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-03-17T13:13:57+00:00",
          "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0861"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.src",
            "6Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.i686",
            "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el6.x86_64",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el6.src",
            "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el6.src",
            "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el6.noarch",
            "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el6.noarch",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.src",
            "7Server-JWS-3.1:tomcat-native-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-21.redhat_21.ep7.el7.x86_64",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-0:7.0.70-38.ep7.el7.src",
            "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-38.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-0:8.0.36-42.ep7.el7.src",
            "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-42.ep7.el7.noarch",
            "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-42.ep7.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:0912

Vulnerability from csaf_redhat - Published: 2020-03-23 08:49 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: tomcat6 security update

Severity

Important

Notes

Topic: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Client-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6ComputeNode-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Workstation-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

15 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:0912	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:0912",
        "url": "https://access.redhat.com/errata/RHSA-2020:0912"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0912.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat6 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:11+00:00",
      "generator": {
        "date": "2026-05-14T22:25:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:0912",
      "initial_release_date": "2020-03-23T08:49:54+00:00",
      "revision_history": [
        {
          "date": "2020-03-23T08:49:54+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-03-23T08:49:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
                  "product_id": "6Client-optional-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
                  "product_id": "6ComputeNode-optional-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                  "product_id": "6Server-optional-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
                  "product_id": "6Workstation-optional-6.10.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat6-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
                "product": {
                  "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
                  "product_id": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.24-114.el6_10?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat6-0:6.0.24-114.el6_10.src",
                "product": {
                  "name": "tomcat6-0:6.0.24-114.el6_10.src",
                  "product_id": "tomcat6-0:6.0.24-114.el6_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6@6.0.24-114.el6_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.src",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Client-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.src",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6ComputeNode-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.src"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.src",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.src",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Server-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.src"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.src",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.24-114.el6_10.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src"
        },
        "product_reference": "tomcat6-0:6.0.24-114.el6_10.src",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
        "relates_to_product_reference": "6Workstation-optional-6.10.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
          "6Client-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
          "6Client-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
          "6ComputeNode-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
          "6ComputeNode-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
          "6Server-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
          "6Server-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
          "6Server-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
          "6Server-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
          "6Workstation-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
          "6Workstation-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
          "6Workstation-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
          "6Workstation-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-03-23T08:49:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Client-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6ComputeNode-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Server-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Server-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Workstation-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Workstation-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0912"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Client-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6ComputeNode-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Server-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Server-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Workstation-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Workstation-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Client-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Client-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6ComputeNode-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6ComputeNode-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Server-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Server-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Server-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Server-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Workstation-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-0:6.0.24-114.el6_10.src",
            "6Workstation-optional-6.10.z:tomcat6-admin-webapps-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-docs-webapp-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-el-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-javadoc-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-jsp-2.1-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-lib-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-servlet-2.5-api-0:6.0.24-114.el6_10.noarch",
            "6Workstation-optional-6.10.z:tomcat6-webapps-0:6.0.24-114.el6_10.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:1478

Vulnerability from csaf_redhat - Published: 2020-04-14 21:22 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

16 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:1478	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1478",
        "url": "https://access.redhat.com/errata/RHSA-2020:1478"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1478.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:11+00:00",
      "generator": {
        "date": "2026-05-14T22:25:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:1478",
      "initial_release_date": "2020-04-14T21:22:13+00:00",
      "revision_history": [
        {
          "date": "2020-04-14T21:22:13+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-14T21:22:13+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
                  "product_id": "6Server-JBEAP-6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
                  "product_id": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.30-2.Final_redhat_2.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
                  "product_id": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.30-2.Final_redhat_2.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
                  "product_id": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.30-2.Final_redhat_2.1.ep6.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src",
                "product": {
                  "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src",
                  "product_id": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.30-2.Final_redhat_2.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
                "product": {
                  "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
                  "product_id": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.30-2.Final_redhat_2.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
                "product": {
                  "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
                  "product_id": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.30-2.Final_redhat_2.1.ep6.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch"
        },
        "product_reference": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src"
        },
        "product_reference": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch"
        },
        "product_reference": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src"
        },
        "product_reference": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch"
        },
        "product_reference": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src"
        },
        "product_reference": "jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
          "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
          "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-14T21:22:13+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. The JBoss server process must be restarted for the update to take effect.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1478"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:1479

Vulnerability from csaf_redhat - Published: 2020-04-14 20:50 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to these updated packages. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 6.4 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:6.4`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

17 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:1479	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1479",
        "url": "https://access.redhat.com/errata/RHSA-2020:1479"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1479.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:20+00:00",
      "generator": {
        "date": "2026-05-14T22:25:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:1479",
      "initial_release_date": "2020-04-14T20:50:44+00:00",
      "revision_history": [
        {
          "date": "2020-04-14T20:50:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-15T18:52:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 6.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-14T20:50:44+00:00",
          "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The JBoss server process must be restarted for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 6.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1479"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 6.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 6.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:1520

Vulnerability from csaf_redhat - Published: 2020-04-21 11:07 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release

Severity

Important

Notes

Topic: Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * tomcat: local privilege escalation (CVE-2019-12418) * tomcat: session fixation (CVE-2019-17563) * tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2019-17569) * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-12418

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 44 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2019-17563

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-384 - Session Fixation

Affected products

Fixed 44 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-17569

The refactoring in 9.0.28 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. It affects the versions of Apache Tomcat 9 (9.0.28 to 9.0.30), Tomcat 8 (8.5.48 to 8.5.50), and Tomcat 7 (7.0.98 to 7.0.99).

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 44 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-1935

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 44 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 44 products

Product	Version	Remediation
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

46 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:1520	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785699	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785711	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806849	external
https://issues.redhat.com/browse/JWS-1419	external
https://issues.redhat.com/browse/JWS-1463	external
https://issues.redhat.com/browse/JWS-1465	external
https://issues.redhat.com/browse/JWS-1478	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-12418	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785699	external
https://www.cve.org/CVERecord?id=CVE-2019-12418	external
https://nvd.nist.gov/vuln/detail/CVE-2019-12418	external
http://mail-archives.apache.org/mod_mbox/tomcat-u…	external
http://tomcat.apache.org/security-8.html#Fixed_in…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2019-17563	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785711	external
https://www.cve.org/CVERecord?id=CVE-2019-17563	external
https://nvd.nist.gov/vuln/detail/CVE-2019-17563	external
http://mail-archives.apache.org/mod_mbox/www-anno…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2019-17569	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806849	external
https://www.cve.org/CVERecord?id=CVE-2019-17569	external
https://nvd.nist.gov/vuln/detail/CVE-2019-17569	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2020-1935	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://www.cve.org/CVERecord?id=CVE-2020-1935	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1935	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Apache Tomcat Security Team @ZeddYu

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this release as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n* tomcat: local privilege escalation (CVE-2019-12418)\n* tomcat: session fixation (CVE-2019-17563)\n* tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2019-17569)\n* tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1520",
        "url": "https://access.redhat.com/errata/RHSA-2020:1520"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1785699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
      },
      {
        "category": "external",
        "summary": "1785711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1806835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
      },
      {
        "category": "external",
        "summary": "1806849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806849"
      },
      {
        "category": "external",
        "summary": "JWS-1419",
        "url": "https://issues.redhat.com/browse/JWS-1419"
      },
      {
        "category": "external",
        "summary": "JWS-1463",
        "url": "https://issues.redhat.com/browse/JWS-1463"
      },
      {
        "category": "external",
        "summary": "JWS-1465",
        "url": "https://issues.redhat.com/browse/JWS-1465"
      },
      {
        "category": "external",
        "summary": "JWS-1478",
        "url": "https://issues.redhat.com/browse/JWS-1478"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1520.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:06+00:00",
      "generator": {
        "date": "2026-05-14T22:25:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:1520",
      "initial_release_date": "2020-04-21T11:07:53+00:00",
      "revision_history": [
        {
          "date": "2020-04-21T11:07:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-21T11:07:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
                  "product_id": "7Server-JWS-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
                  "product_id": "6Server-JWS-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.3 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.3 for RHEL 8",
                  "product_id": "8Base-JWS-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el7jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el7jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el6jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el6jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el8jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el8jws?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el8jws?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el6jws?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el6jws?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12418",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785699"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of tomcat as shipped with Red Hat Enterprise Linux 5, as they did not include JMX Remote Lifecycle Listener, which was introduced in a later version of the package.\n\npki-servlet-engine has been obsoleted by Tomcat in Red Hat Enterprise Linux 8.9 and later. Therefore no additional fixes would be made available for the servlet engine.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785699",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        },
        {
          "category": "workaround",
          "details": "Disable JMX Remote if monitoring is only needed locally and there is no need to monitor Tomcat remotely. If JMX Remote is required and cannot be disabled, then use the built-in remote JMX facilities provided by the JVM.\nPlease note that JMX Remote Lifecycle Listener is now deprecated and may be removed from both Tomcat 7 [1] and Tomcat 9 [2] after 2020-12-31.\n\n[1] https://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Deprecated_Implementations\n[2] https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#Deprecated_Implementations",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: local privilege escalation"
    },
    {
      "cve": "CVE-2019-17563",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785711"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that tomcat\u0027s FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products providing the affected component code should update their setups per the product fixes given.\n\nThe following Red Hat products are out of support scope for Low Impact flaws, and as such will not issue security fixes:\nRed Hat Enterprise Linux 5\nRed Hat Enterprise Linux 6\nRed Hat JBoss BPM Suite 6\nRed Hat JBoss BRMS 6",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785711",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50"
        }
      ],
      "release_date": "2019-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Session fixation when using FORM authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2019-17569",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806849"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The refactoring in 9.0.28 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.\r\n\r\nIt affects the versions of Apache Tomcat 9 (9.0.28 to 9.0.30), Tomcat 8 (8.5.48 to 8.5.50), and Tomcat 7 (7.0.98 to 7.0.99).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of Tomcat as shipped with Red Enterprise Linux 5, 6, 7 and 8, as they did not include the vulnerable code, which was introduced in a later version of the package.\n\nOpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806849",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806849"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17569",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2020-1935",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806835"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806835",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        },
        {
          "category": "workaround",
          "details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:1521

Vulnerability from csaf_redhat - Published: 2020-04-21 10:55 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release

Severity

Important

Notes

Topic: Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2019-12418

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Web Server (JWS) 5.3 Red Hat / Red Hat JBoss Web Server	`cpe:/a:redhat:jboss_enterprise_web_server:5.3`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2019-17563

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-384 - Session Fixation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Web Server (JWS) 5.3 Red Hat / Red Hat JBoss Web Server	`cpe:/a:redhat:jboss_enterprise_web_server:5.3`	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-17569

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Web Server (JWS) 5.3 Red Hat / Red Hat JBoss Web Server	`cpe:/a:redhat:jboss_enterprise_web_server:5.3`	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-1935

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Web Server (JWS) 5.3 Red Hat / Red Hat JBoss Web Server	`cpe:/a:redhat:jboss_enterprise_web_server:5.3`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Web Server (JWS) 5.3 Red Hat / Red Hat JBoss Web Server	`cpe:/a:redhat:jboss_enterprise_web_server:5.3`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

42 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:1521	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785699	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785711	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806849	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-12418	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785699	external
https://www.cve.org/CVERecord?id=CVE-2019-12418	external
https://nvd.nist.gov/vuln/detail/CVE-2019-12418	external
http://mail-archives.apache.org/mod_mbox/tomcat-u…	external
http://tomcat.apache.org/security-8.html#Fixed_in…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2019-17563	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785711	external
https://www.cve.org/CVERecord?id=CVE-2019-17563	external
https://nvd.nist.gov/vuln/detail/CVE-2019-17563	external
http://mail-archives.apache.org/mod_mbox/www-anno…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2019-17569	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806849	external
https://www.cve.org/CVERecord?id=CVE-2019-17569	external
https://nvd.nist.gov/vuln/detail/CVE-2019-17569	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2020-1935	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://www.cve.org/CVERecord?id=CVE-2020-1935	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1935	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Apache Tomcat Security Team @ZeddYu

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this release as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component\nupgrades, which are documented in the Release Notes, linked to in the\nReferences.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n* tomcat: local privilege escalation (CVE-2019-12418)\n* tomcat: session fixation (CVE-2019-17563)\n* tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2019-17569)\n* tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1521",
        "url": "https://access.redhat.com/errata/RHSA-2020:1521"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1785699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
      },
      {
        "category": "external",
        "summary": "1785711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1806835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
      },
      {
        "category": "external",
        "summary": "1806849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806849"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1521.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:06+00:00",
      "generator": {
        "date": "2026-05-14T22:25:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:1521",
      "initial_release_date": "2020-04-21T10:55:39+00:00",
      "revision_history": [
        {
          "date": "2020-04-21T10:55:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-21T10:55:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server (JWS) 5.3",
                "product": {
                  "name": "Red Hat JBoss Web Server (JWS) 5.3",
                  "product_id": "Red Hat JBoss Web Server (JWS) 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12418",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785699"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of tomcat as shipped with Red Hat Enterprise Linux 5, as they did not include JMX Remote Lifecycle Listener, which was introduced in a later version of the package.\n\npki-servlet-engine has been obsoleted by Tomcat in Red Hat Enterprise Linux 8.9 and later. Therefore no additional fixes would be made available for the servlet engine.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server (JWS) 5.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785699",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T10:55:39+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1521"
        },
        {
          "category": "workaround",
          "details": "Disable JMX Remote if monitoring is only needed locally and there is no need to monitor Tomcat remotely. If JMX Remote is required and cannot be disabled, then use the built-in remote JMX facilities provided by the JVM.\nPlease note that JMX Remote Lifecycle Listener is now deprecated and may be removed from both Tomcat 7 [1] and Tomcat 9 [2] after 2020-12-31.\n\n[1] https://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Deprecated_Implementations\n[2] https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#Deprecated_Implementations",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: local privilege escalation"
    },
    {
      "cve": "CVE-2019-17563",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785711"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that tomcat\u0027s FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products providing the affected component code should update their setups per the product fixes given.\n\nThe following Red Hat products are out of support scope for Low Impact flaws, and as such will not issue security fixes:\nRed Hat Enterprise Linux 5\nRed Hat Enterprise Linux 6\nRed Hat JBoss BPM Suite 6\nRed Hat JBoss BRMS 6",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server (JWS) 5.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785711",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50"
        }
      ],
      "release_date": "2019-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T10:55:39+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1521"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Session fixation when using FORM authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2019-17569",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806849"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The refactoring in 9.0.28 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.\r\n\r\nIt affects the versions of Apache Tomcat 9 (9.0.28 to 9.0.30), Tomcat 8 (8.5.48 to 8.5.50), and Tomcat 7 (7.0.98 to 7.0.99).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of Tomcat as shipped with Red Enterprise Linux 5, 6, 7 and 8, as they did not include the vulnerable code, which was introduced in a later version of the package.\n\nOpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server (JWS) 5.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806849",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806849"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17569",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T10:55:39+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1521"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2020-1935",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806835"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server (JWS) 5.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806835",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T10:55:39+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1521"
        },
        {
          "category": "workaround",
          "details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server (JWS) 5.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T10:55:39+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1521"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Web Server (JWS) 5.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:2367

Vulnerability from csaf_redhat - Published: 2020-06-04 13:11 - Updated: 2026-05-14 22:25

Summary

Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.13 security and bug fix update

Severity

Important

Notes

Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [NOTE: This security advisory was unintentionally omitted at the time of the initial software release on 2020-03-23. The advisory is informational only; no files in the release have changed.]

Details: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.1.13 serves as a replacement for Red Hat support for Spring Boot 2.1.12, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888) * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745) * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Runtimes Spring Boot 2.1.13 Red Hat / Red Hat OpenShift Application Runtimes	`cpe:/a:redhat:openshift_application_runtimes:1.0`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2020-1745

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Runtimes Spring Boot 2.1.13 Red Hat / Red Hat OpenShift Application Runtimes	`cpe:/a:redhat:openshift_application_runtimes:1.0`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2020-1935

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Runtimes Spring Boot 2.1.13 Red Hat / Red Hat OpenShift Application Runtimes	`cpe:/a:redhat:openshift_application_runtimes:1.0`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Runtimes Spring Boot 2.1.13 Red Hat / Red Hat OpenShift Application Runtimes	`cpe:/a:redhat:openshift_application_runtimes:1.0`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

32 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:2367	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1772464	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://bugzilla.redhat.com/show_bug.cgi?id=1807305	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-14888	self
https://bugzilla.redhat.com/show_bug.cgi?id=1772464	external
https://www.cve.org/CVERecord?id=CVE-2019-14888	external
https://nvd.nist.gov/vuln/detail/CVE-2019-14888	external
https://access.redhat.com/security/cve/CVE-2020-1745	self
https://bugzilla.redhat.com/show_bug.cgi?id=1807305	external
https://www.cve.org/CVERecord?id=CVE-2020-1745	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1745	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://access.redhat.com/security/cve/CVE-2020-1935	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://www.cve.org/CVERecord?id=CVE-2020-1935	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1935	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Verizon Media Henning Baldersheim Håvard Pettersen

Steve Zapantis Robert Roberson taktakdb4g

Apache Tomcat Security Team @ZeddYu

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[NOTE: This security advisory was unintentionally omitted at the time of the initial software release on 2020-03-23. The advisory is informational only; no files in the release have changed.]",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.1.13 serves as a replacement for Red Hat support for Spring Boot 2.1.12, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:2367",
        "url": "https://access.redhat.com/errata/RHSA-2020:2367"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=catRhoar.spring.boot\u0026downloadType=distributions\u0026version=2.1.13",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=catRhoar.spring.boot\u0026downloadType=distributions\u0026version=2.1.13"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/"
      },
      {
        "category": "external",
        "summary": "1772464",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1806835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
      },
      {
        "category": "external",
        "summary": "1807305",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2367.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.13 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-05-14T22:25:23+00:00",
      "generator": {
        "date": "2026-05-14T22:25:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:2367",
      "initial_release_date": "2020-06-04T13:11:36+00:00",
      "revision_history": [
        {
          "date": "2020-06-04T13:11:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-06-04T13:11:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:25:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Runtimes Spring Boot 2.1.13",
                "product": {
                  "name": "Red Hat Runtimes Spring Boot 2.1.13",
                  "product_id": "Red Hat Runtimes Spring Boot 2.1.13",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Application Runtimes"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Henning Baldersheim",
            "H\u00e5vard Pettersen"
          ],
          "organization": "Verizon Media"
        }
      ],
      "cve": "CVE-2019-14888",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-10-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1772464"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Runtimes Spring Boot 2.1.13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14888"
        },
        {
          "category": "external",
          "summary": "RHBZ#1772464",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14888",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14888"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888"
        }
      ],
      "release_date": "2020-01-20T12:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-04T13:11:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2367"
        },
        {
          "category": "workaround",
          "details": "Enable HTTP2 (enable-http2=\"true\") in the undertow\u0027s HTTPS settings.",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steve Zapantis",
            "Robert Roberson",
            "taktakdb4g"
          ]
        }
      ],
      "cve": "CVE-2020-1745",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1807305"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Runtimes Spring Boot 2.1.13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1745"
        },
        {
          "category": "external",
          "summary": "RHBZ#1807305",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        }
      ],
      "release_date": "2020-02-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-04T13:11:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2367"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "undertow: AJP File Read/Inclusion Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2020-1935",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806835"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Runtimes Spring Boot 2.1.13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806835",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-04T13:11:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2367"
        },
        {
          "category": "workaround",
          "details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Runtimes Spring Boot 2.1.13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-04T13:11:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2367"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Runtimes Spring Boot 2.1.13"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:2779

Vulnerability from csaf_redhat - Published: 2020-07-01 10:57 - Updated: 2026-05-14 22:24

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section. Security Fix(es): * jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.

CVE-2019-14885

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 149 products

Product	Version	Remediation
Unresolved product id: 6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch	—	Vendor Fix fix
Unresolved product id: 6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 149 products

Product	Version	Remediation
Unresolved product id: 6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

28 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:2779	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-US/JBo…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1700855	external
https://bugzilla.redhat.com/show_bug.cgi?id=1708467	external
https://bugzilla.redhat.com/show_bug.cgi?id=1710433	external
https://bugzilla.redhat.com/show_bug.cgi?id=1770615	external
https://bugzilla.redhat.com/show_bug.cgi?id=1772542	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816579	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816629	external
https://bugzilla.redhat.com/show_bug.cgi?id=1819214	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-14885	self
https://bugzilla.redhat.com/show_bug.cgi?id=1770615	external
https://www.cve.org/CVERecord?id=CVE-2019-14885	external
https://nvd.nist.gov/vuln/detail/CVE-2019-14885	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.\n\nSecurity Fix(es):\n\n* jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* JBoss EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:2779",
        "url": "https://access.redhat.com/errata/RHSA-2020:2779"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
        "url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
      },
      {
        "category": "external",
        "summary": "1700855",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700855"
      },
      {
        "category": "external",
        "summary": "1708467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708467"
      },
      {
        "category": "external",
        "summary": "1710433",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710433"
      },
      {
        "category": "external",
        "summary": "1770615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
      },
      {
        "category": "external",
        "summary": "1772542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772542"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1816579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816579"
      },
      {
        "category": "external",
        "summary": "1816629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816629"
      },
      {
        "category": "external",
        "summary": "1819214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819214"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2779.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:24:34+00:00",
      "generator": {
        "date": "2026-05-14T22:24:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:2779",
      "initial_release_date": "2020-07-01T10:57:42+00:00",
      "revision_history": [
        {
          "date": "2020-07-01T10:57:42+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-07-01T10:57:42+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:24:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
                  "product_id": "6Server-JBEAP-6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-impl-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-spi-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-core-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-core-impl-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-deployers-common-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-jdbc-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-spec-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-validator-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hornetq@2.3.25-29.SP31_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
                "product": {
                  "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
                  "product_id": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/weld-core@1.1.34-2.Final_redhat_2.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
                "product": {
                  "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
                  "product_id": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbosgi-repository@2.1.0-3.Final_redhat_3.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_id": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.31-1.Final_redhat_1.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
                "product": {
                  "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
                  "product_id": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf12-eap6@1.2.15-11.b01_SP2_redhat_2.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_id": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting3-jmx@1.1.4-2.Final_redhat_00001.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.23-2.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-security@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-web@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-server@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-network@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-core@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-domain@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-version@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_id": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
                "product": {
                  "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
                  "product_id": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
                "product": {
                  "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
                  "product_id": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hornetq@2.3.25-29.SP31_redhat_00001.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src",
                "product": {
                  "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src",
                  "product_id": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/weld-core@1.1.34-2.Final_redhat_2.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
                "product": {
                  "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
                  "product_id": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbosgi-repository@2.1.0-3.Final_redhat_3.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
                "product": {
                  "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
                  "product_id": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.31-1.Final_redhat_1.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
                "product": {
                  "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
                  "product_id": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf12-eap6@1.2.15-11.b01_SP2_redhat_2.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
                "product": {
                  "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
                  "product_id": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting3-jmx@1.1.4-2.Final_redhat_00001.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.23-2.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-security@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-web@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-server@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-network@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-core@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-domain@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-version@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                "product": {
                  "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_id": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.23-4.Final_redhat_00002.1.ep6.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch"
        },
        "product_reference": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src"
        },
        "product_reference": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src"
        },
        "product_reference": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src"
        },
        "product_reference": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch"
        },
        "product_reference": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src"
        },
        "product_reference": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch"
        },
        "product_reference": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src"
        },
        "product_reference": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch"
        },
        "product_reference": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src"
        },
        "product_reference": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch"
        },
        "product_reference": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src"
        },
        "product_reference": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch"
        },
        "product_reference": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
        },
        "product_reference": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14885",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2019-10-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1770615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
          "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
          "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
          "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
          "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14885"
        },
        {
          "category": "external",
          "summary": "RHBZ#1770615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
        }
      ],
      "release_date": "2020-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-01T10:57:42+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\nYou must restart the JBoss server process for the update to take effect.",
          "product_ids": [
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2779"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
          "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
          "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
          "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
          "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
          "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
          "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-01T10:57:42+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\nYou must restart the JBoss server process for the update to take effect.",
          "product_ids": [
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2779"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6.src",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6.src",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.noarch",
            "6Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:2780

Vulnerability from csaf_redhat - Published: 2020-07-01 10:55 - Updated: 2026-05-14 22:24

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

CVE-2019-14885

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 149 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 149 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

28 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:2780	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-US/JBo…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1700855	external
https://bugzilla.redhat.com/show_bug.cgi?id=1708467	external
https://bugzilla.redhat.com/show_bug.cgi?id=1710434	external
https://bugzilla.redhat.com/show_bug.cgi?id=1770615	external
https://bugzilla.redhat.com/show_bug.cgi?id=1772542	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816579	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816629	external
https://bugzilla.redhat.com/show_bug.cgi?id=1819214	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-14885	self
https://bugzilla.redhat.com/show_bug.cgi?id=1770615	external
https://www.cve.org/CVERecord?id=CVE-2019-14885	external
https://nvd.nist.gov/vuln/detail/CVE-2019-14885	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* JBoss EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat\nEnterprise Linux 5 are advised to upgrade to these updated packages. The JBoss\nserver process must be restarted for the update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:2780",
        "url": "https://access.redhat.com/errata/RHSA-2020:2780"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
        "url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
      },
      {
        "category": "external",
        "summary": "1700855",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700855"
      },
      {
        "category": "external",
        "summary": "1708467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708467"
      },
      {
        "category": "external",
        "summary": "1710434",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710434"
      },
      {
        "category": "external",
        "summary": "1770615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
      },
      {
        "category": "external",
        "summary": "1772542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772542"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1816579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816579"
      },
      {
        "category": "external",
        "summary": "1816629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816629"
      },
      {
        "category": "external",
        "summary": "1819214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819214"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2780.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:24:36+00:00",
      "generator": {
        "date": "2026-05-14T22:24:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:2780",
      "initial_release_date": "2020-07-01T10:55:01+00:00",
      "revision_history": [
        {
          "date": "2020-07-01T10:55:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-07-01T10:55:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:24:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-impl-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-spi-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-core-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-core-impl-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-deployers-common-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-jdbc-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-spec-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-validator-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hornetq@2.3.25-29.SP31_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
                "product": {
                  "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
                  "product_id": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/weld-core@1.1.34-2.Final_redhat_2.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
                "product": {
                  "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
                  "product_id": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbosgi-repository@2.1.0-3.Final_redhat_3.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
                  "product_id": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.31-1.Final_redhat_1.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
                "product": {
                  "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
                  "product_id": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf12-eap6@1.2.15-11.b01_SP2_redhat_2.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_id": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting3-jmx@1.1.4-2.Final_redhat_00001.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.23-2.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-server@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-web@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-network@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-version@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-domain@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-core@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-security@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                "product": {
                  "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_id": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
                "product": {
                  "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
                  "product_id": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
                "product": {
                  "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
                  "product_id": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hornetq@2.3.25-29.SP31_redhat_00001.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src",
                "product": {
                  "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src",
                  "product_id": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/weld-core@1.1.34-2.Final_redhat_2.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
                "product": {
                  "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
                  "product_id": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbosgi-repository@2.1.0-3.Final_redhat_3.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
                "product": {
                  "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
                  "product_id": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.31-1.Final_redhat_1.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
                "product": {
                  "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
                  "product_id": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf12-eap6@1.2.15-11.b01_SP2_redhat_2.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
                "product": {
                  "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
                  "product_id": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting3-jmx@1.1.4-2.Final_redhat_00001.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.23-2.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-server@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-web@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-network@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-version@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-domain@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-core@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.23-4.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-security@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                "product": {
                  "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_id": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.23-3.Final_redhat_00002.1.ep6.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch"
        },
        "product_reference": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src"
        },
        "product_reference": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src"
        },
        "product_reference": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src"
        },
        "product_reference": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch"
        },
        "product_reference": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src"
        },
        "product_reference": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch"
        },
        "product_reference": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src"
        },
        "product_reference": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch"
        },
        "product_reference": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src"
        },
        "product_reference": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch"
        },
        "product_reference": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src"
        },
        "product_reference": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch"
        },
        "product_reference": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
        },
        "product_reference": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src",
        "relates_to_product_reference": "7Server-JBEAP-6.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14885",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2019-10-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1770615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
          "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
          "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
          "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
          "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14885"
        },
        {
          "category": "external",
          "summary": "RHBZ#1770615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
        }
      ],
      "release_date": "2020-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-01T10:55:01+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2780"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
          "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
          "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
          "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
          "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
          "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
          "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-01T10:55:01+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2780"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7.src",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7.src",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7.src",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.noarch",
            "7Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

RHSA-2020:2781

Vulnerability from csaf_redhat - Published: 2020-07-01 10:57 - Updated: 2026-05-14 22:24

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2019-14885

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 149 products

Product	Version	Remediation
Unresolved product id: 5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch	—	Vendor Fix fix
Unresolved product id: 5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-1938

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 149 products

Product	Version	Remediation
Unresolved product id: 5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

28 references

URL	Category
https://access.redhat.com/errata/RHSA-2020:2781	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-US/JBo…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1700855	external
https://bugzilla.redhat.com/show_bug.cgi?id=1708467	external
https://bugzilla.redhat.com/show_bug.cgi?id=1710432	external
https://bugzilla.redhat.com/show_bug.cgi?id=1770615	external
https://bugzilla.redhat.com/show_bug.cgi?id=1772542	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816579	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816629	external
https://bugzilla.redhat.com/show_bug.cgi?id=1819214	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-14885	self
https://bugzilla.redhat.com/show_bug.cgi?id=1770615	external
https://www.cve.org/CVERecord?id=CVE-2019-14885	external
https://nvd.nist.gov/vuln/detail/CVE-2019-14885	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.\n\nSecurity Fix(es):\n\n* jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n\n* JBoss EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command (CVE-2019-14885)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:2781",
        "url": "https://access.redhat.com/errata/RHSA-2020:2781"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
        "url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
      },
      {
        "category": "external",
        "summary": "1700855",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1700855"
      },
      {
        "category": "external",
        "summary": "1708467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1708467"
      },
      {
        "category": "external",
        "summary": "1710432",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710432"
      },
      {
        "category": "external",
        "summary": "1770615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
      },
      {
        "category": "external",
        "summary": "1772542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772542"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1816579",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816579"
      },
      {
        "category": "external",
        "summary": "1816629",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816629"
      },
      {
        "category": "external",
        "summary": "1819214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819214"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2781.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.23 security update",
    "tracking": {
      "current_release_date": "2026-05-14T22:24:34+00:00",
      "generator": {
        "date": "2026-05-14T22:24:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2020:2781",
      "initial_release_date": "2020-07-01T10:57:21+00:00",
      "revision_history": [
        {
          "date": "2020-07-01T10:57:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-07-01T10:57:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:24:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-6.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-impl-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-common-spi-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-core-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-core-impl-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-deployers-common-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-jdbc-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-spec-api-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-validator-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hornetq@2.3.25-29.SP31_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
                "product": {
                  "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
                  "product_id": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/weld-core@1.1.34-2.Final_redhat_2.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
                "product": {
                  "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
                  "product_id": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbosgi-repository@2.1.0-3.Final_redhat_3.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
                  "product_id": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.31-1.Final_redhat_1.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_id": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting3-jmx@1.1.4-2.Final_redhat_00001.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
                "product": {
                  "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
                  "product_id": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf12-eap6@1.2.15-11.b01_SP2_redhat_2.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-version@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-web@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-server@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-network@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-security@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-domain@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-core@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_id": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.23-2.Final_redhat_00002.1.ep6.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
                "product": {
                  "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
                  "product_id": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ironjacamar-eap6@1.0.44-1.Final_redhat_00001.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
                "product": {
                  "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
                  "product_id": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hornetq@2.3.25-29.SP31_redhat_00001.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src",
                "product": {
                  "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src",
                  "product_id": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/weld-core@1.1.34-2.Final_redhat_2.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
                "product": {
                  "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
                  "product_id": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbosgi-repository@2.1.0-3.Final_redhat_3.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
                "product": {
                  "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
                  "product_id": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.5.31-1.Final_redhat_1.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
                "product": {
                  "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
                  "product_id": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting3-jmx@1.1.4-2.Final_redhat_00001.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
                "product": {
                  "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
                  "product_id": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jsf12-eap6@1.2.15-11.b01_SP2_redhat_2.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-version@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-web@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-server@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-network@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-security@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-domain@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-core@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.23-4.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.23-3.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
                "product": {
                  "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
                  "product_id": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.23-2.Final_redhat_00002.1.ep6.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch"
        },
        "product_reference": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src"
        },
        "product_reference": "glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src"
        },
        "product_reference": "hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src"
        },
        "product_reference": "ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch"
        },
        "product_reference": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src"
        },
        "product_reference": "jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch"
        },
        "product_reference": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src"
        },
        "product_reference": "jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch"
        },
        "product_reference": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src"
        },
        "product_reference": "jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch"
        },
        "product_reference": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src"
        },
        "product_reference": "jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch"
        },
        "product_reference": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
        },
        "product_reference": "weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14885",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2019-10-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1770615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the JBoss EAP Vault system. Confidential information of the system property\u2019s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI \u0027reload\u0027 command. This flaw can lead to the exposure of confidential information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
          "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
          "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
          "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
          "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14885"
        },
        {
          "category": "external",
          "summary": "RHBZ#1770615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14885"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14885"
        }
      ],
      "release_date": "2020-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-01T10:57:21+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\nYou must restart the JBoss server process for the update to take effect.",
          "product_ids": [
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2781"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "EAP: Vault system property security attribute value is revealed on CLI \u0027reload\u0027 command"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
          "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
          "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
          "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
          "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
          "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
          "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-07-01T10:57:21+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\nYou must restart the JBoss server process for the update to take effect.",
          "product_ids": [
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2781"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5.src",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-common-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-common-spi-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-core-impl-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-deployers-common-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:ironjacamar-jdbc-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-spec-api-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:ironjacamar-validator-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5.src",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5.src",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.noarch",
            "5Server-JBEAP-6.4:weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1938 (GCVE-0-2020-1938)

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

Tags

Sightings

Nomenclature